Systems, methods, and apparatus for linguistic analysis and disabling of storage

ABSTRACT

This disclosure describes systems, methods, and apparatus that monitor any manifestation of an idea, such as typed, written, or verbal message or document creation (e.g., while a user types an email or instant message, or makes a phone call) and analyze the manifestation in real-time to extract a sentiment and based on this sentiment, determine if the idea(s) manifested in the message, document, or other medium poses a risk of violating compliance, policy, or law.

CLAIM OF PRIORITY UNDER 35 U.S.C. § 120

The present application for patent claims priority to U.S. patentapplication Ser. No. 16/363,429, entitled, “SYSTEMS, METHODS, ANDAPPARATUS FOR LINGUISTIC ANALYSIS AND DISABLING OF STORAGE”, filed Mar.25, 2019, which claims priority to U.S. patent application Ser. No.15/640,471, entitled, “SEMANTIC ANALYZER FOR TRAINING A POLICY ENGINE”,filed Jul. 1, 2017 and issued as U.S. Pat. No. 10,289,678 on May 14,2019, which claims priority to U.S. Provisional Application No.62/357,925, entitled, “LINGUISTIC ANALYSIS AND LEARNING FOR POLICYENGINE”, filed Jul. 1, 2016. U.S. patent application Ser. No. 15/640,471is also a continuation-in-part of U.S. patent application Ser. No.15/005,132, entitled, “MESSAGE SENTIMENT ANALYZER AND FEEDBACK”, filedJan. 25, 2016 and issued as U.S. Pat. No. 10,120,859 on Nov. 6, 2018,which claims priority to U.S. Provisional Application No. 62/107,237,entitled, “MESSAGE SENTIMENT ANALYZER AND FEEDBACK”, filed Jan. 23,2015. U.S. patent application Ser. No. 15/005,132 is also acontinuation-in-part of U.S. patent application Ser. No. 14/572,714,entitled, “COMPLIANCE MECHANISM FOR MESSAGING”, filed Dec. 16, 2014 andissued as U.S. Pat. No. 10,305,831 on May 28, 2019, which claimspriority to U.S. Provisional Application No. 61/916,563, entitled,“COMPLIANCE MECHANISM FOR MESSAGING”, filed Dec. 16, 2013. All of theabove are hereby expressly incorporated by reference herein as ifpresented in their entireties.

FIELD OF THE DISCLOSURE

The present disclosure relates generally to digital message analysis. Inparticular, but not by way of limitation, the present disclosure relatesto systems, methods and apparatuses for determining a sentimentassociated with a document and precluding a document from being saved tonon-volatile memory when a sentiment of the document poses a risk of apolicy, compliance, or legal violation.

DESCRIPTION OF RELATED ART

Email, instant messages, and chat room messages, and phone calls at workcan often serve to place liability on companies for communications oftheir employees, even when those communications are against companypolicy. For instance, transcripts of non-compliant personalconversations over company email led the board of Boeing to demand theCEO's resignation in 2005. He had led the company well, but as he hadsent personal message containing language outside of company policy hewas no longer able to serve as an example for the rest of the company.While companies typically employ compliance guidelines to prevent suchmessages from being sent, such compliance mechanisms typically areineffective because they require employees to self-police themselves.Some software-based compliance mechanisms exist, but these tend toanalyze communications after the fact rather than helping to prevent“bad” communication from being made. There is therefore a need forsystems, methods, and apparatus that prevent non-compliant messages frombeing communicated to a recipient.

SUMMARY OF THE DISCLOSURE

Exemplary embodiments of the present disclosure that are shown in thedrawings are summarized below. These and other embodiments are morefully described in the Detailed Description section. It is to beunderstood, however, that there is no intention to limit the disclosureto the forms described in this Summary of the Disclosure or in theDetailed Description. One skilled in the art can recognize that thereare numerous modifications, equivalents and alternative constructionsthat fall within the spirit and scope of the disclosure as expressed inthe claims.

Some aspects of the disclosure can be characterized as a method ofprecluding ideas that pose a compliance, policy, or legal violation riskfrom being recorded in non-volatile memory during document creation. Themethod can include parsing a first document into words and symbols via aparsing module, sequences of words, or words and symbols, beingidentified as ideas. The method can also include passing the firstdocument to a semantic analyzer. The semantic analyzer can be configuredto: access a policy model stored in a policy engine database; access aviolation threshold stored in the policy engine database; assign a scoreto each of the ideas using the policy model; determine that a total ofscores for the first document surpasses the violation threshold; disablesave functionality of a device creating the first document, the savefunctionality configured to save the first document to non-volatilememory; and provide the first document or a screenshot of the firstdocument to an analytics dashboard configured to present the firstdocument to a policy reviewer. The method can further include receivinga response from the policy reviewer indicating the policy reviewer'sassessment of risk of the total of the scores assigned to the firstdocument. The method can yet further include storing the response in thepolicy engine database. The method may also include training the policymodel, at a training module, using machine learning that uses theresponse as one of its inputs, to form an updated policy model. Themethod can include accessing the updated policy model and assign scoresto ideas parsed from a second document using the updated policy model.

Other aspects of the disclosure can be characterized as a system forprecluding ideas that pose a compliance, policy, or legal violation riskfrom being recorded in non-volatile memory during document creation. Thesystem can include a parsing module, a policy engine database, ananalytics database, a semantic analyzer, and a training module. Theparsing module can be configured to receive a first document in realtime or via import and parsing the first document into words andsymbols, sequences of words, or words and symbols, being identified asideas. An analytics dashboard can be configured to present the firstdocument, or a screenshot of the first document, to a policy reviewer,and to receive a response from the policy reviewer indicating the policyreviewer's assessment of risk of the total of the scores assigned to thefirst document. The semantic analyzer can be configured to: receive thewords and symbols; access a policy model stored in the policy enginedatabase; access a violation threshold stored in the policy enginedatabase; assign a score to each of the ideas using the policy model;determine that a total of scores for the first document surpasses theviolation threshold; disable save functionality of a device creating thefirst document, the save functionality configured to save the firstdocument to non-volatile memory; and provide the first document or ascreenshot of the first document to the analytics dashboard. Thetraining module can be configured to train the policy model using theresponse from the policy reviewer as one of its inputs, to form anupdated policy model.

Yet other aspects of the disclosure can be characterized asnon-transitory, tangible computer readable storage medium, encoded withprocessor readable instructions to perform a method of precluding ideasthat pose a compliance, policy, or legal violation risk from beingrecorded in non-volatile memory during document creation. The method caninclude parsing a first document into words and symbols via a parsingmodule, sequences of words, or words and symbols, being identified asideas. The method can also include passing the first document to asemantic analyzer. The semantic analyzer can be configured to: access apolicy model stored in a policy engine database; access a violationthreshold stored in the policy engine database; assign a score to eachof the ideas using the policy model; determine that a total of scoresfor the first document surpasses the violation threshold; disable savefunctionality of a device creating the first document, the savefunctionality configured to save the first document to non-volatilememory; and provide the first document or a screenshot of the firstdocument to an analytics dashboard configured to present the firstdocument to a policy reviewer. The method can further include receivinga response from the policy reviewer indicating the policy reviewer'sassessment of risk of the total of the scores assigned to the firstdocument. The method can yet further include storing the response in thepolicy engine database. The method may also include training the policymodel, at a training module, using machine learning that uses theresponse as one of its inputs, to form an updated policy model. Themethod can include accessing the updated policy model and assign scoresto ideas parsed from a second document using the updated policy model.

BRIEF DESCRIPTION OF THE DRAWINGS

Various objects and advantages and a more complete understanding of thepresent disclosure are apparent and more readily appreciated byreferring to the following detailed description and to the appendedclaims when taken in conjunction with the accompanying drawings:

FIG. 1 illustrates a method for disabling functionality of a messagingsystem before a compliance violation, due to content of a communication,occurs;

FIG. 2 illustrates a method of precluding a non-compliant digitalmessage from being transmitted from a communication device;

FIG. 3 illustrates another method of precluding a non-compliant digitalmessage from being transmitted from a communication device;

FIG. 4 illustrates a method of precluding a non-compliant digitalmessage from being transmitted from a communication device;

FIG. 5 illustrates another method of precluding a non-compliant digitalmessage from being transmitted from a communication device;

FIG. 6 illustrates yet another method of precluding a non-compliantdigital message from being transmitted from a communication device;

FIG. 7 illustrates yet another method of precluding a non-compliantdigital message from being transmitted from a communication device;

FIG. 8 illustrates yet another method of precluding a non-compliantdigital message from being transmitted from a communication device;

FIG. 9 illustrates a system for identifying potential complianceviolations in digital messages and precluding transmission of suchmessages while the potential violation exists;

FIG. 10 illustrates yet another method of precluding a non-compliantdigital message from being transmitted from a communication device;

FIG. 11 illustrates an embodiment of a digital message with at least onedigital messaging function disabled;

FIG. 12 illustrates another embodiment of a digital message with atleast one digital messaging function disabled;

FIG. 13 illustrates yet another embodiment of a digital message with atleast one digital messaging function disabled;

FIG. 14 illustrates yet another embodiment of a digital message with atleast one digital messaging function disabled;

FIG. 15 illustrates an embodiment of a digital messaging platform withat least one digital messaging function disabled;

FIG. 16 illustrates another embodiment of a digital messaging platformwith at least one digital messaging function disabled;

FIG. 17 shows a diagrammatic representation of one embodiment of acomputer system;

FIG. 18 illustrates a method of generating computer responses toexternal communications;

FIG. 19 illustrates another method of generating computer responses toexternal communications;

FIG. 20 illustrates an embodiment of a system employing a policy engineto identify manifestations of ideas that pose a compliance, policy, orlegal violation risk;

FIG. 21 illustrates another embodiment of a system employing a policyengine to identify manifestations of ideas that pose a compliance,policy, or legal violation risk;

FIG. 22 illustrates another embodiment of a system employing a policyengine to identify manifestations of ideas that pose a compliance,policy, or legal violation risk;

FIG. 23 illustrates another embodiment of a system employing a policyengine to identify manifestations of ideas that pose a compliance,policy, or legal violation risk;

FIG. 24 illustrates another embodiment of a system employing a policyengine to identify manifestations of ideas that pose a compliance,policy, or legal violation risk;

FIG. 25 illustrates a method of precluding ideas that pose a compliance,policy, or legal violation risk from being recorded in non-volatilememory during document creation;

FIG. 26 illustrates an embodiment of a user interface from the analyticsdashboard as viewed by a policy reviewer or administrator;

FIG. 27 illustrates an embodiment of a user interface from the analyticsdashboard as viewed by a policy reviewer or administrator;

FIG. 28 illustrates an embodiment of a user interface from the analyticsdashboard as viewed by a policy reviewer or administrator;

FIG. 29 illustrates an embodiment of a user interface from the analyticsdashboard as viewed by a policy reviewer or administrator; and

FIG. 30 illustrates an embodiment of a user interface from the analyticsdashboard as viewed by a policy reviewer or administrator.

DETAILED DESCRIPTION

The word “exemplary” is used herein to mean “serving as an example,instance, or illustration.” Any embodiment described herein as“exemplary” is not necessarily to be construed as preferred oradvantageous over other embodiments.

Preliminary note: the flowcharts and block diagrams in the followingFigures illustrate the architecture, functionality, and operation ofpossible implementations of systems, methods and computer programproducts according to various embodiments of the present invention. Inthis regard, some blocks in these flowcharts or block diagrams mayrepresent a module, segment, or portion of code, which comprises one ormore executable instructions for implementing the specified logicalfunction(s). It should also be noted that, in some alternativeimplementations, the functions noted in the block may occur out of theorder noted in the figures. For example, two blocks shown in successionmay, in fact, be executed substantially concurrently, or the blocks maysometimes be executed in the reverse order, depending upon thefunctionality involved. It will also be noted that each block of theblock diagrams and/or flowchart illustrations, and combinations ofblocks in the block diagrams and/or flowchart illustrations, can beimplemented by special purpose hardware-based systems that perform thespecified functions or acts, or combinations of special purpose hardwareand computer instructions.

This disclosure describes systems, methods, and apparatus that monitorany manifestation of an idea, such as typed, written, or verbal messageor document creation (e.g., while a user types an email or instantmessage, or makes a phone call) and analyze the manifestation inreal-time to extract a sentiment and based on this sentiment, determineif the idea(s) manifested in the message, document, or other mediumposes a risk of violating compliance, policy, or law.

Compliance Performance Tracking

In one embodiment, analysis of messages can be in real time and used toidentify and disable sending of messages that breach compliance or humanresources protocols. The disabling can occur before a compliance orhuman resources violation occurs (e.g., by disabling the sending of amessage from the sending device or otherwise preventing the message fromreaching any server external to the sending device). U.S. PatentApplication No. 2015/0172243 describes this embodiment in further detailand is incorporated herein by reference.

In some cases it may be desirable to go a step further and track andmonitor compliance violations over time and for various persons acrossan entire corporate entity. In this case, non-compliant messagescontinue to be identified and their transmission blocked or disabled,but further, each instance where blocking is required is recorded. Overtime, the number and quality of non-compliant messages that were blockedcan be used to measure and analyze compliance performance includingimprovement in an organization's understanding of compliance policies aswell as efforts to avoid non-compliant messages.

In addition to compliance, these monitoring techniques can be applied tomessaging related to harassment, ‘isms’, hostile workplace environments,and ethics. In other words, the metric can be used to gauge whether aperson or a group within a company appears to be engaging in harassingactivities regardless of compliance issues. For instance, if a certainnumber of flagged terms or phrases are found within a set of e-mails orinstant messages from a certain employee, then a notification can besent to human resources to investigate the employee's actions in moredetail.

Personality Profiles

Emotional checks, or comparisons to personality profiles, can be used oninbound and outbound messaging (e.g., e-mail) to help employees bettercommunicate by extracting and providing emotional context, includingsuggestions for responses, based on a personality or sentiment of arecipient.

Existing technologies allow personality profiles to be generated basedon analysis of public communications and content that people generate(e.g., NLP Sentiment Technology). For instance, analysis of publicFACEBOOK, TWITTER, and LINKEDIN content can be used to createpersonality profiles for content generators. To simplify the personalityprofile generation, content creators can be placed into buckets, thusgreatly narrowing the number of different personalities available to theanalysis. For instance, a personality bucket may include “easy toanger,” “gullible,” or “compassionate” to name three non-limitingexamples. However, personality profiles can also be numeric. Forinstance, various personality profile tests known to those of skill inthe art include vector graphs showing different personalities. Thus, anumber or vector can be assigned to a personality profile.

The sources of public content are not limited to FACEBOOK, TWITTER, andLINKEDIN, and can include all sources of public content. For instance,blog posts or comments, and forum submissions, are further examples ofpublic content that can be mined to generate personality profiles forpersons who create public content.

These personality profiles can have a number of uses. For one,personality profiles can be used in combination with the above-notedcompliance technology. However, instead of messages being blocked asnon-compliant, systems, methods, and apparatus can analyze messages toidentify words, phrases, sentences, and ideas that can help to createthe personality profiles. In this way, public content as well aspersons' communications can be used to generate personality profiles.

Typically, persons' messages are not publicly available and thus can'tbe analyzed. However, there are many contexts where access to suchmessages is possible. For instance, a customer service staffer receiveshundreds of e-mails per day dealing with countless product issues andtroubleshooting. Each of these messages can be analyzed and used incombination with an existing personality profile associated with thesender of each message, where the personality profile is initiallygenerated based on public content that the message sender has created.For instance, customer service may receive an e-mail from Tony Stark.Tony Stark may also have a FACEBOOK and TWITTER account and may oftenmake public comments on those platforms that are available for publicviewing. A personality profile can be created for Tony Stark based onthe public content of his FACEBOOK and TWITTER accounts. When Tony Starke-mails customer support at VERIZON to complain about dropped calls whenhe is using his phone and moving at high speeds in his IRON MAN suit,VERIZON servers can search a database of personality profiles for TonyStark. Upon finding a personality profile, the VERIZON servers can thenanalyze Tony Stark's e-mail, in a similar manner to the methods used toidentify non-compliant messages described above, and then update thepersonality profile based on information mined from Tony Stark's e-mail.The updated personality profile can then be used to assist customersupport in responding to Tony's concerns about dropped calls. Thisexample helps to highlight how personality profiles can be generated andupdated using a combination of publicly available content and thecontent of one or more messages received by an entity having access toan existing personality profile.

Once at least one message (e.g., e-mail) has been received, the updatedpersonality profile can be used to provide useful information to someoneresponding to the message. For instance, a VERIZON customer supportspecialist who receives Tony Stark's e-mail may be presented with theupdated personality profile. This alone may tell the customer supportspecialist that Tony is in a personality bucket associated with highlyintelligent people and another bucket with people who are unlikely toback down from confrontation. From this, the customer support specialistcan deduce that a fluff response to Tony Stark will not make him goaway, and instead that a more thorough and reasoned response isrequired. Thus, this example shows that the updated personality profilecan be used by a responder to a message to better tailor his/herresponse to a sender.

Similarly, a responder's message can be analyzed while it is beingcreated (e.g., typed). A pop up box or other prompt may appear on theresponder's display encouraging or suggesting that a different tone or adifferent message be used, or that the currently-generated message bemodified to better suit the personality of the original sender (e.g.,Tony Stark). In other cases, further message generation (e.g., typing)may be disabled if the responder's message is found to be too out ofsync with a suggested tone or response based on the original sender'spersonality profile.

Sometimes e-mail and other message responses are automated, forinstance, many customer support groups respond with an automated messageletting a sender know that their message has been received and will beresponded to within 24 to 48 hours. However, these messages tend to beuniform for all senders. The present disclosure envisions automatedresponses that are selected from a database of responses, each responselinked to certain personality profiles. Thus, as messages from differentsenders are received, and even different senders are found to be indifferent moods, different automated responses can be sent that are atleast partially tailored to the sender's personality and/or mood.

In another embodiment, incoming messages are often routed to differentpersons within an organization. Updated personality profiles can be usedto better route incoming messages to specialists. For instance, incomingmessages that are linked to personality profiles of persons that areeasy to anger or that are loyal customers as compared to ones thatfrequently move between service providers of companies, may be routed tomore experienced specialists or those with greater authority (e.g., asupervisor). In the case of Tony Stark e-mailing VERIZON, since Tony'spersonality profile may indicate that he is merely a superhero recentlyresponsible for saving the planet, but not a loyal VERIZON customer, hise-mail can be routed to an offshore call center staffed by mostlyinexperienced, underpaid responders, who type one finger at a time. Incomparison, an e-mail from a long-time customer known to be challengingto work with can be routed to a manager equipped to handle this moreimportant and challenging communication. As seen, updated personalityprofiles can be used to route incoming messages to particular personswithin an organization.

Another embodiment recognizes that multiple people within anorganization sometimes communicate with the same external person withoutknowing that an internal member of the organization has alreadycommunicated with the external person. In this embodiment, an updatedpersonality profile can be generated based on communications that afirst member of an organization has had with an external person. Forinstance, incoming e-mail messages can be mined for data to update thepersonality profile. When a second member of the organization beginsdrafting a message to the external person, the updated personalityprofile on the external person may be presented to the second member ofthe organization to assist him/her in drafting an appropriate message orone more likely to win the heart and mind of the external person. Again,this can be presented as a profile alone that the second member can useat his/her discretion, or as a prompt that can pop up urging orsuggesting certain comments or language for the second member of theorganization to use. In some cases, the message may be blocked orfurther message creation can be disabled if the second member isdrafting a message that falls outside of bounds deemed appropriate withthe external member. The personality profile and information relatedthereto can be stored such that even where one person who hascommunicated with the external person leaves the company, theinformation regarding the personality and sentiment of the externalperson stays with the company.

The above embodiments that utilize an updated personality profile can becategorized as “sentiment” check embodiments since they often involvechecking a sentiment of an outgoing message based on the sentiment ofone or more incoming messages.

In another embodiment, a sentiment preview can be generated for amessage before it is read in order to prepare a recipient for thecontents.

Metrics Based on Organization-Wide Personality Profile Tracking

The above noted personality profiles can be created and updated fornumerous persons within an organization. Over time these profiles can beused to generate overall views of an organization's subjective health.For instance, a happiness, wellness, or productivity of employees onaverage could be determined by looking at the current or trendingprofiles for a large number of employees in an organization. Subjectiveindicators can be extracted for different geographical regions of anorganization or for different departments within an organization.Various other analytics can be provided other than the non-limitingexamples just noted.

These analytics can be incorporated into employee evaluations forpromotions, raises, incentive compensation, and transfers, to name afew. These analytics, since tracked over time, can provide insight intohow events at an organization (e.g., company outings, announcements,etc.) have influenced company sentiment.

Names and personal information is not stored or analyzed. Instead, inone embodiment, scores associated with arbitrary identifications ofpersons can be assigned. An IP address or an encrypted/scrambled versionof an e-mail address are two non-limiting examples of arbitraryidentifications of persons.

In other cases, analytics can be more granular. Rather than assigningscores to individuals, groups of persons can be placed in “buckets” orcategories.

Monetizing Employee Downtime

Yet a further embodiment can allow organizations to monetize thepersonality profiles and updates thereto that result from analyzingmessages sent by employees. In particular, advertising entitiescurrently monitor cookies on devices and therefore can link Internetsurfing tendencies with an IP address. Personality profiles can also beassociated with an IP address and can be exchanged with an advertisingentity for some consideration. Widespread exchange of such data may notbe desirable, so one alternative is to only exchange personalityprofiles with advertising entities when an employee is using theInternet for personal reasons during work hours (i.e., downtime). Inthis way, advertising entities could gain additional personalityinformation for certain IP addresses and thus better tailoradvertisements, but only during periods when users of those IP addressesare using their company resources for non-work purposes.

As noted briefly above, other aspects of this disclosure describesystems, methods, and apparatus that monitor typed, written, or verbalmessage creation (e.g., while a user types an email or instant messageor makes a phone call) and analyze the communication in real-time.Details of such systems, methods, and apparatus are described below withparticular attention to a use case where the analysis leads to adetermination as to whether a breach of compliance policy or law islikely to result from dissemination of the message. However, it shouldbe understood, that the systems, methods, and apparatus for analyzingthe communication can be applied to various use cases and are notlimited to compliance policy or legal breaches. Examples ofcommunications envisioned in this application include, but are notlimited to: digital messages (e.g., e-mail, text, fax), written messages(e.g., notes and hand-delivered memoranda), and verbal messages (e.g.,telephone calls via handset or headset). The systems, methods, andapparatus then disable functionality of the messaging system if anon-compliant (or potentially non-compliant) message is identified. Inthe case of digital messages this can include disabling a send button inan e-mail, disabling send functionality that is triggered by depressionof the “ENTER” key relative to an instant message, and disabling theability to edit text in the digital message other than the flagged text,to name a few non-limiting examples. Digital messages may includeattachments (e.g., attachments to an e-mail or attachments to a textmessage) that can also be analyzed for non-compliance. Again, where anon-compliant attachment is identified, transmission functionality orother functionality associated with the digital message can be disabled.In some cases, the attachment may even be automatically removed from thedigital message and reattachment of the identical attachment may beprecluded.

In the case of written messages a message auditing device can be used toanalyze physical messages and provide a warning if the message isflagged as having non-compliant content. For instance, a device can takeimage samples of a written message as it is being written (or typed on atypewriter) or once the message has been completed. Image analysissoftware can convert the image into digital text via optical characterrecognition or other image analysis software. The digital text can thenbe analyzed to determine if non-compliant text or a non-compliant ideaexists in the message. If non-compliant text or a non-compliant idea isflagged, then the user or sender can be notified of the potentialoffense, for instance via an audible or visual indicator. In oneexample, where a written or typed or printed message is to betransmitted via fax or similar technology, the fax machine or scannercan be disabled when non-compliant text or a non-compliant idea isflagged in a hardcopy of the message.

In the case of verbal messages a device can listen to the verbalmessage, analyze the words and content, determine if the verbal messageincludes non-compliant words or ideas, and provide a signal to the userof the non-compliance threat, or disable functionality of a deviceintended for transmission of the verbal message to a recipient. Forinstance, a cell phone handset or a Bluetooth headset for a mobile orlandline telephone, to name two examples, could analyze verbal messagesto be transmitted through these devices, delay the transmission longenough to enable the analysis to take place, and then disabletransmission of the verbal message if a non-compliant message or idea isidentified. In some cases, the listener may hear silence where thespeaker said non-compliant words or the listener may hear a beep orother sound instead of the non-compliant words that the speaker intendedthe recipient to hear. The device may also notify the speaker thatnon-compliant words have been identified, and/or prevented from beingheard by the listener. A headset may beep or vibrate to indicate to thespeaker that a non-compliant message was detected and that said messagewas not conveyed to the listener. In embodiments where a hardcopycommunication is scanned, faxed, or otherwise converted from a hardcopyto a digital form, the scanning device can include mechanisms to analyzethe message and flag non-compliant text or ideas and then disabletransmission or long term storage functionality. In the case of typedmessages on a mechanical device such as a typewriter, keystrokes can beelectronically monitored or visually monitored via a camera and analysissoftware.

In some embodiments, text or messages can be identified beforecompletion of the drafting or verbal disclosure of a text or message.For instance, where a message is being typed or written, words can beidentified before typing or writing of the word is complete. As oneexample where “bribe” is a word that can be flagged, and a user types orwrites the letters, “brib”, the systems and methods may flag this entryas a potential violation and disable messaging functionality before theuser can even complete typing or writing the word. While it is possiblethat the user was attempting to enter a phrase like, “bribery is notgood for the bottom line,” which might not be in violation, this featurecan be employed as an extra caution against certain words in addition tothe typical functionality that flags complete words and messages. Asanother example, the partial message “fix the labor r” may be flagged,and messaging functionality disabled, before the user can complete thesentence.

In some cases, the portion of the word or message that has been draftedcan be deleted, converted to blank spaces, or converted to symbols. Forinstance, the letters, “brib” may be converted to “XXXX” or “####.” Thepartial sentence “fix the labor r” can be converted to “fix the”. Asseen, portions or an entire message can be converted to symbols orblanks or can be deleted.

Similarly, and in the case of verbal dictation of messages, flaggedwords may not be rendered on a screen or may be rendered using blanks orsymbols as described above. In this way, while flagged words or messagesmay be spoken into a dictation device, the flagged words or messages areprecluded from being added to the message in a computing device's shortterm memory and precluded from viewing on a display.

In all of the examples and embodiments of this disclosure, when anon-compliant message is flagged, a signal or message can be transmittedto a compliance officer. In other embodiments, reports can be generatedand provided to a compliance officer indicating results of blocked,non-blocked, and flagged messages. In some instances, wherecommunication via a digital device does not occur, and hence there is noautomated mechanism for precluding the transmission of a non-compliantmessage, a message may be sent to a compliance officer so that thecompliance officer can take action to prevent transmission or deliveryof the message.

Where a digital device analyzes the text of a digital, written, orverbal communication, resources on the digital device (e.g., a headset)may not have the computing power to perform the analysis with sufficientspeed. In these cases, the device can monitor the text or message andtransmit a digital copy of the text or message, or an extracted versionthereof, to a remote device for processing. For instance, a headset mayconvert a verbal message to a digital signal that is then transmittedvia Bluetooth or other wireless technology to a cellular phone, nearbyserver, or other nearby computer, where the nearby computer converts thedigital signal to digital text, analyzes the text, and returns a signalto the headset indicating that the verbal message is flagged ornot-flagged (i.e., indicating to the device whether or not to disablemessaging functionality). In other words, processing of communicationsand flagging of non-compliant messages can be offloaded to nearbyprivate computing devices that then indicate to the original messagingdevice whether or not to disable messaging functionality.

While the disclosure covers all manner of communications, including, butnot limited to, digital, hardcopy, and verbal, particular examples ofdigital messages are now described in order to better illustrate thegeneral functionality described above and applicable to all manner ofcommunications.

FIG. 1 illustrates a method for disabling functionality of a digitalmessaging system before a compliance violation, due to content of adigital message, occurs. The method 100 includes monitoring an input oftext (e.g., from a keyboard or voice dictation) in a monitor digitalmessage input operation 102. The method 100 repeatedly analyzes thedigital message to determine if a compliance violation has occurred viacompliance violation decision 104. If no violation is found, thendigital messaging functionality continues unimpeded until either aviolation is identified or the digital message is sent via sendoperation 106. If the violation decision 104 identifies a violation,then digital messaging functionality is disabled in a disable operation108. The disabling operation 108 takes effect until the violation isfixed as determined by the violation corrected decision 110. During thedisabling of digital messaging functionality, the method 100 continuesto monitor content of the digital message and via this monitoring theviolation corrected decision 110 can be made. Once the violationcorrected decision 110 determines that the violation has been corrected,an enable digital messaging functionality operation 112 enables thefunctionality that had been disabled. The method 100 then loops back tothe monitor digital message input operation 102 until the message isready to be sent or until another potential compliance violation isidentified by decision 104. When the message is ready to be sent and nopotential compliance violations exist, the user can indicate an intentto send the message (e.g., by pressing a “send” button or by pressing an“ENTER” key on a keyboard, for instance).

The method 100 can be applied to systems and platforms for monitoring ofany type of digital messaging including email, instant messaging (e.g.,YAHOO! INC.'s messenger service, AOL INSTANT MESSAGING (AIM), GOOGLE'sGOOGLE+ HANGOUTS, and PIVOT, to name a few), digital messaging sent frommobile telephones, and digital messages exchanged in chat rooms. Themethod 100 can be embodied as an add-on to SMS text messaging servicesor to text messaging or instant messaging platforms that are proprietaryto a cellular carrier or to a device manufacturer. In order to disablefunctionality before a compliance violation has occurred (e.g., beforethe message is sent and therefore logged), monitoring can be performedon the user device where the message is being drafted. For instance, themethod 100 can be performed by a computing device being used to draft adigital message. In some embodiments, the method 100 can be carried outvia components and modules stored on the computing device and running ona processor of the computing device, while in other embodiments,portions of the method 100 can be stored on remote computing devices andprocessors of those remote computing devices (e.g., a web-basedapplication).

The monitor operation 102 can include extracting words, phrases, and/orsentences from a draft digital message before it is sent. This caninclude extracting words, phrases, and/or sentences as each is created(e.g., typed or dictated). For instance, keystrokes can be monitored orrecorded, and then parsed into words. The monitor operation 102 can alsoinclude extracting words, phrases, and/or sentences only when a block oftext has been completely created. For instance, words may not beextracted until a sentence has been completely drafted. In anotherinstance, extraction occurs after completion of an idea, where the endof an idea can be identified via one or more symbols, including, but notlimited to, a period, a semicolon. Some symbols that may be excludedfrom those indicating an end of a message are a space, a slash, a dash,a comma, and any symbol within a word used to replace a letter of thatword. The end of an idea may also be indicated by a user selecting otherthan a current window of the user interface. In another instance,phrases may only be extracted when a paragraph has been completed. Inother examples, words, phrases, and/or sentences may not be extracteduntil an entire draft digital message is completed. In another example,extracting may be triggered by a pause in the drafting (e.g., a pause intyping or dictation). Extracted words, phrases, and/or sentences can bestored in a buffer or other temporary memory.

In an alternative embodiment, the words, phrases, and/or sentences canbe extracted only when a user provides an input to send the draftmessage (e.g., pressing a “send” button or pressing an “ENTER” key on akeyboard to name two non-limiting examples). For instance, the method100 may operate to check draft messages for compliance at the momentjust before they are sent. If a violation is found, then the message isnot sent and correction is required. Otherwise, the message is sentwithout the user experiencing anything more than a slight delay in thesending of the message—the method 100 operating during the slight delay.

Given one or more words, phrases, and/or sentences from the monitoroperation 102, the compliance violation decision 104 analyzes theextracted text to determine if a compliance violation is likely to occurif the draft digital message is sent. Analysis can include comparing theextracted text to a compliance database of text to identify matches orsimilarities to text identified as likely to cause a complianceviolation. Other methods of determining if a violation has occurred willbe discussed in subsequent portions of this disclosure. The decision 104may also attempt to determine a meaning or thrust of a phrase, sentence,or other text structure in extracted text, and compare the meaning,thrust, or spirit of the text to concepts in the compliance database. Ifa match or similarity is found, then the decision 104 directs the method100 to disabling digital messaging functionality.

The compliance database can include text, phrases, sentences, pairs ofwords, combinations of words, tables or arrays of words and/or phrases,and/or concepts that have been flagged or identified as violating, orpotentially violating, compliance policy or law. In some instances, thecompliance database may include various sub databases, eachcorresponding to different compliance laws and/or policies. In otherinstances, there may be a separate compliance database for eachdifferent set of compliance laws and/or policies.

In some embodiments, the decision 104 can analyze extracted text todetermine if an intent of the extracted text violates a spirit of thecompliance policy or law. For instance, words in digital messages can beassigned scores and greater scores or additional scores can be assignedwhere two or more words share a dependency or where one or more of thewords fits a part of speech (e.g., nouns, verbs, present verbs, pastverbs, adjectives, etc.). For instance, the word “fix”, or derivativesthereof, as an adjective (e.g., “the electrician fixed the network”) maybe assigned a lower score than the word “fix”, or derivatives thereof,as a verb (e.g., “yesterday we fixed the index”).

Since matches to the database may not be exact, a sensitivity level canbe set and modified by a user or company compliance officer. Thesensitivity level can dictate a level of similarity between the intentof the extracted text and the spirit of the compliance policy or law atwhich the disable digital messaging functionality operation 108 istriggered as determined by the compliance violation decision 104. Wherescores are assigned to the extracted text, the sensitivity may be usedto control a threshold over which a total of scores for one or morewords triggers the disable digital messaging functionality operation108. The total can include a sum or product of scores.

If the compliance violation decision 104 determines that a violationwill occur if the draft digital message is sent, then the method 100disables digital messaging functionality in the disable operation 108.This can include disabling one or more functions of the digitalmessaging platform or even functions of the computing device oroperating system upon which the digital messaging platform is running.For instance, a “send” button in the digital messaging platform may bedisabled in one embodiment (e.g., see FIG. 11), while in anotherembodiment, the “send” button along with the ability to open, close, oraccess other applications or software on the computing device can bedisabled (e.g., see FIGS. 12 and 13).

Functionality that can be disabled includes, but is not limited to,restrictions within the digital messaging platform. For instance, thefollowing may be disabled: a transmission button (e.g., a “send”button); a transmission keystroke (e.g., pressing the “ENTER” key orreturn key on a keyboard); a transmission command (e.g., a “send” or“enter” voice command); further text entry in the message (e.g., seeFIG. 15); editing of text in the message other than the text identifiedas triggering the disabling (e.g., see FIG. 15); and saving of thedigital message (e.g., disabling of “save as a draft” functionality), toname a few.

Functionality that can be disabled includes, but is not limited to,functionality of applications, software, and background operations(e.g., daemons and services) other than the digital messaging platform.For instance, the following may be disabled: an ability to accesssoftware other than the digital messaging platform (see FIGS. 13 and14); an ability to switch between software (see FIGS. 13 and 14); anability to close or minimize a window of the messaging platform (e.g.,see FIG. 14); an ability to view any windows other than that of themessaging platform (see FIGS. 13 and 14); an ability to turn off,restart, or put into standby the computing device that the digitalmessaging platform runs on; transmission or receipt of digital messages;Internet access; access to certain websites; access to web-basedsoftware; and an ability to upload or download data to the device onwhich the digital messaging platform is running, to name a few.

Functionality that can be disabled includes, but is not limited to,functionality of the computer device upon which the digital messagingplatform is running. For instance, the following may be disabled: powercontrols; volume controls; screen brightness; screen orientation; theability for the device's display to turn off; network interfaces;network interfaces used by the digital messaging platform; networkinterfaces used for incoming digital messaging; network interfaces usedfor incoming data traffic; network interfaces used for outgoing digitalmessaging; and network interfaces used for outgoing data traffic, toname a few non-limiting examples. In another embodiment, disablingdigital messaging functionality includes precluding a digital messagefrom reaching a network interface of a communication device. In anotherembodiment, disabling digital messaging functionality includesprecluding a digital message from reaching a buffer of a networkinterface.

Various visualizations can be used to highlight the offending text. Forinstance, the offending text can be highlighted with a background color,or the text font can be changed (e.g., changed to bold and/or redcolor). Non-offending text can have its contrast or darkness decreasedin another embodiment. In some cases, a message can be presented to theuser notifying the user that the draft message has been flagged ashaving the potential to be a compliance violation and/or that correctionis required. Such a message can merely notify the user of the problem orcan further include language instructing the user to rectify thepotential violation. In another instance, a message can suggest changesthat the user can adapt in order to correct the potential violation.

Audible signals can also be used to notify to the user the threat of, oremphasize the threat of, the draft digital message. Such audible signalscan be designed to have a volume, tone, and repetition that invoketension or anxiety in a user and thereby act as a deterrent to futurepotential violations. The audible signal may also have characteristicsthat invoke tension or anxiety in a user such that the user isincentivized not to ignore the flagged text. The audible signal may havecharacteristics, such as high volume, designed to be heard by others soas to act as an incentive for the user to correct the potentiallynoncompliant text. Such audible signals may be combined with disablingof the volume function of a device. Such audible signals may carry onuntil the corrected violation decision 110 determines that the flaggedtext is corrected. In other embodiments, the audible signal may havedifferent characteristics at different times, where a change to a secondof the two characteristics is triggered by the computing device notingthat a user has begun to correct the flagged text. For instance, theaudible signal may be loud and obnoxious when flagged text is firstdetected, but may change to a calmer less noticeable sound once a userbegins editing the text, and may go silent when the corrected violationdecision 110 determines that the threat of a compliance violation hasbeen removed.

Once functionality has been disabled in the disable operation 108, themethod 100 waits until the potential violation is corrected. In anembodiment, this involves a loop of the corrected violation decision 110and the disable digital messaging functionality operation 108 until thedecision 110 determines that the potential violation has been corrected.The corrected violation decision 110 may use a similar mechanism to thecompliance violation decision 104 to analyze extracted text and comparethis to a database of text or use more sophisticated algorithms tocompare the intent or spirit of extracted text to the spirit ofcompliance policy or law.

In other embodiments, the corrected violation decision 110 may involve adifferent mechanism than the compliance violation decision 104. Forinstance, the corrected violation decision 110 may look for deletion ormodification of the text flagged as a potential violation.

Once the corrected violation decision 110 determines that digitalmessaging functionality can be reestablished, the enable digitalmessaging functionality operation 112 is carried out. The enable digitalmessaging functionality operation 112 can enable any functionalitydisabled by the disable digital messaging functionality operation 108.

With the digital messaging functionality enabled again, the user canindicate an intent to send the digital message (e.g., via pressing a“send” button) and this input can be converted to a send digital messageinstruction that the device uses to send the digital message in the senddigital message operation 106. In an alternative embodiment (notillustrated), the user can initiate the method 100 by pressing a “send”button or giving some other indication of a desire to send a message.The message can then be analyzed and correction of text can be requiredas described above or the message can be sent, all after the userindicates a desire to send the message.

The method 100 can be implemented as a module or component added on toexisting messaging platforms. For instance, the method 100 can beimplemented with an instant messaging platforms such as AOL INSTANTMESSAGE (AIM), MSN MESSENGER, YAHOO MESSENGER, SKYPE, and GOOGLE TALK,to name a few non-limiting examples, and with e-mail clients such asMICROSOFT OUTLOOK, MAC MAIL, and GMAIL, to name a few non-limitingexamples. The method 100 can also be implemented as a module orcomponent added on to existing web browsers such as INTERNET EXPLORER,GOOGLE CHROME, FIREFOX, AND SAFARI, to name a few non-limiting examples.The method 100 can also be implemented in headsets, cellular phones,smartphones, mobile media devices, laptop computers, desktop computers,tablet computers, ultrabooks, server systems, smart clothing, smartwatches and other ‘smart’ accessories, to name a few non-limitingexamples.

There are a variety of ways to identify a compliance violation within amessage. In some embodiments, the disclosure assigns scores to words andgroups of words and determines whether a total of the scores exceeds athreshold. The total can be derived as a sum of scores or as a productof scores. In some instances, additional score can be added to ormultiplied by the scores to account for more complex analysis ofmessages. The threshold can initially be set at a server side while thesystems and methods operate on client devices. However, customers maysuggest changes to the threshold based on experience with previoushandlings of messages. For instance, a customer may request a higherthreshold where too many compliant messages are being blocked.Alternatively, where a customer has experienced serious punishment forprevious violations, the customer may request a lower threshold in orderto exercise greater caution regarding transmission of messages from itsemployees.

Scores can be assigned to individual words, groups of words, or toideas. Ideas are abstract representations of thought that the systemsand methods herein disclosed identify in messages. Ideas can beidentified via a variety of means, but one embodiment looks for certainsymbols to indicate an end of an idea. For instance, periods and doublespaces can indicate an end of an idea. Ideas can also be identified viaa message creator selecting a different user interface window than thecurrent user interface window, selecting “ENTER”, “SEND”, or carriagereturn. These are just a few of the many symbols and actions that can beused to identify an end of an idea.

Ideas are often used to separate groups of words such that logicalcombinations of words are assigned scores rather than assigning scoresto combinations of words that an author did not intend to be lumpedtogether. For instance, where “set” and “index” appear in the same idea(e.g., in the same sentence) a potential violation may be likely.However, where those two words are seen in different sentences, aviolation is far less likely. Thus, by analyzing combinations of termsin a given idea the systems and methods can avoid false positives.

Scores can be assigned during creation of an idea or after one or moreideas have been created. For instance, a score can be assigned to theword “set” at the start of an idea, or can be assigned to the word “set”only after an idea has been generated by a message creator.

Where scores are assigned to individual words, a database of words canbe compared to words in a message, where each word in the database isassociated with a score that reflects the likelihood that such a wordwill be seen in a non-compliant message. For instance, the word “set”may be assigned a score of half a threshold while the word, “index” maybe assigned a score greater than the threshold. Thus, if “set” is foundin a message, the message may not be blocked. However, if “index” isfound in a message, regardless of the other words in the message, themessage will be blocked. “Set” may be a “risky” word while “index” maybe a “prohibited” word. In other words, risky words are those associatedwith scores less than the threshold, such that two or more are requiredto surpass the threshold. Prohibited words are those associated withscores greater than the threshold, such that these words alone cantrigger blocking of a message.

In some cases a message can be blocked immediately after a total scorefor a message exceeds the threshold. However, since such instances mayinclude portions of messages that appear to create violations, but willnot be if the rest of the message is generated, the systems and methodsherein, in some embodiments, may continue to analyze a message as it iscreated even if messaging functionality has been temporarily suspended.So, while messaging functionality may be disabled at one point duringcreation of a message, functionality may be enabled at a later point ifthe message or idea turns out to be compliant.

Identifying potential compliance violations in messages may account forvarious spellings of prohibited and risky words. For instance, thefollowing non-exhaustive examples may all be assigned a score associatedwith the word “damn”: damn, d.a.m.n, da [line break] mn, d a m n. Alongthese same lines, various spell checking modules can be used toascertain whether text in a message represents the word that hasactually been entered or recorded, or whether a typo has occurred andthe intended word is other than that actually entered or recorded. Inother words, the systems and methods herein disclosed can use a spellchecking library (e.g., Hunspell) to identify matches in a phrase tablewhen the recorded keystrokes are misspelled.

FIG. 2 illustrates a method of precluding a non-compliant digitalmessage from being transmitted from a communication device. While FIG. 2is described in terms of a digital message, the method 200 is equallyapplicable to written and verbal messages as well.

In some cases, potential compliance violations can be identified as adigital message is created and before a complete idea has been formed.FIG. 2 illustrates a method of precluding a non-compliant digitalmessage from being transmitted from a communication device. The method200 can include monitoring an input of a digital message (Block 202).The method 200 can then determine if the digital message comprises apotential compliance violation (Decision 204). If so, then the method200 can preclude the digital message from being transmitted from thecommunication device (Block 210). The method 200 can then monitor theinput of the digital message to determine if the compliance violation isremedied and enable digital messaging transmission functionality of thecommunication device once the compliance violation is remedied. Thismonitoring and determination as to whether the violation has beencorrected can be real-time (e.g., repeatedly assessed as further text isinputted) or can be analyzed at the end of an idea. For instance, FIG. 2shows the variation where such determination occurs after an end of anidea is identified. In particular, after preclusion of the digitalmessage from being transmitted (Block 210), the method determines if anend of an idea has occurred (Decision 212). If so, then the method 200determines if the violation has been corrected (Decision 214). Thisdetermination continues until the violation has been corrected (andhence preclusion of digital messaging continues). Once corrected, themethod 200 re-enables messaging transmission functionality andoptionally clears the buffer of the record of keystrokes for the idea(Block 216). The method 200 then loops back to monitor the digitalmessage input (Block 202) for a new idea.

If preclusion of the digital message from begin transmitted (Block 210)has occurred, and an end of an idea is not identified (Decision 212),then the method 200 loops back to continue monitoring the digitalmessage input (Block 202) for the current idea.

If a potential compliance violation is found (Decision 204), the method200 then looks to see if an end of an idea exists (Decision 206). If so,then the method 200 can loop back to continue monitoring the digitalmessage input (Block 202) and optionally clear the buffer of datarelated to the idea and/or send the digital message (Block 208).

In some instances, potential compliance violations can be identifiedduring message creation but only after sufficient words have beeninputted to form a complete idea. FIG. 3 illustrates another method ofprecluding a non-compliant digital message from being transmitted from acommunication device. The method 300 includes monitoring a digitalmessage input (Block 302) and identifying an end of an idea (Decision312). Once an idea has been identified (Decision 312), the method 300determines if the content of the idea contains a potential complianceviolation (Decision 314). If not, then the method 300 can loop back tocontinue monitoring the digital message input (Block 302) and optionallyclear the buffer of data related the current idea and/or send themessage (Block 320).

If a potential compliance violation is found in the idea (Decision 314),then the method 300 precludes digital messages from being transmitted(Block 316). The method 300 then monitors the digital message inputuntil the violation is corrected (Decision 318) and then enablesmessaging transmission functionality (Block 322). The method 300 thenloops back to continue monitoring the digital message input andoptionally clears the buffer of any data related to the idea and/orsends the message (Block 320).

Precluding digital messages from being transmitted (Block 316) mayinclude disabling a messaging functionality of the communication device.

In other embodiments, potential compliance violations can be identifiedby assigning scores to words and sets of words in complete ideas andtotals of the scores can be compared to a threshold. FIG. 4 illustratesa method of precluding a non-compliant digital message from beingtransmitted from a communication device. The method 400 can includerecording keystrokes on a first computing device (Block 402). Thekeystrokes can be part of a digital message. However, the method 400 isalso applicable to written and verbal messages. The method 400 canfurther include identifying an end of a word (Decision 404). For eachword, a score is assigned (Block 406). As words are assigned scores, themethod 400 also looks for ideas (Decision 408) and when one is found,the method 400 totals the scores for all words in the idea (Block 410).The total is then compared to a threshold (Decision 412) and if thetotal exceeds the threshold, then the method 400 precludes the digitalmessage from being transmitted (Block 414). If the total does not exceedthe threshold, then the method 400 can optionally clear the buffer ofdata related to the idea and/or sends the message (Block 416). However,in some cases, the method 400 can go on recording keystrokes (Block 402)and continue identifying potential violations without clearing thebuffer or sending the message. For instance, an idea may be identifiedvia recording the entry of a period (an end of a sentence). But ratherthan treat the next sentence as a standalone idea, the method 400 cananalyze multiple sentences to determine potential compliance violations.Hence, clearing of the buffer (Block 402) is optional.

When assigning scores, words, combinations of words, or phrases that aredeemed “prohibited” can be assigned scores equal to or greater than thethreshold. In this way, the existence of a single prohibited word, groupof words, or phrase, will trigger the preclusion of the digital messagefrom being transmitted (Block 414). Words, groups of words, or phrasesdeemed “risky” are those in which at least two or more such words orgroups of words are needed in a given idea in order for the idea to forma potentially non-compliant message. These risky words, groups of words,or phrases can be assigned scores less than the threshold. Thus, two ormore risky words, groups of words, or phrases are needed in a singleidea in order for the total to exceed the threshold. While the method400 looks at total scores for a given idea, in other embodiments, totalscan be compared to a threshold across multiple ideas (e.g., two or moresentences).

Identifying an end of a word (Decision 404) may involve parsing thekeystrokes into words and symbols.

FIG. 5 shows a method similar to that of FIG. 4, but further includingthe ability to enable messaging functionality if a potential complianceviolation is corrected. The method 500 is identical to the method 400until the preclusion of the digital message from being transmitted. Themethod 500 then monitors the digital message to see if the violation iscorrected (Decision 518). If the violation is corrected, then the methodenables the messaging transmission functionality (Block 520). The method500 then loops back to recording keystrokes (Block 402) and canoptionally clear the buffer of data related to the idea and/or send themessage (Block 416).

In other embodiments, potential compliance violations can be identifiedby assigning scores to words and sets of words as messages are generatedand comparing these totals to thresholds even before completion of anidea. FIG. 6 illustrates yet a further embodiment of a method ofprecluding a non-compliant digital message from being transmitted from acommunication device. The method 600 can include recording keystrokes ona first computing device (Block 602). The keystrokes can be part of adigital message. However, the method 600 is also applicable to writtenand verbal messages, the former by applying the method to all text in awritten message, and the latter by applying the method in combinationwith an interpreter for converting spoken words to text. The method 600can further include identifying an end of a word (Decision 604). Foreach word, a score is assigned (Block 606). The method 600 totals thescores for all words in the current idea (Block 608). The total is thencompared to a threshold (Decision 610) and if the total exceeds thethreshold, then the method 600 precludes the digital message from beingtransmitted (Block 616). The method 600 then determines if an end to thecurrent idea has been identified (Decision 618). If so, then the method600 ends, with digital messaging functionality disabled. However, if theidea is not at an end (Decision 618), then the method 600 continuesrecording keystrokes (Block 602) and looking for potential complianceviolations.

Returning to the threshold comparison, if the total does not exceed thethreshold (Decision 610), then the method 600 looks for an end of thecurrent idea (Decision 612). If no end has been found, then the method600 continues recording keystrokes (Block 602). If the method 600 hasreached an end of the current idea (Decision 612), then the method 600can optionally clear the buffer of data related to the idea and/or sendsthe message (Block 614). However, in some cases, the method 600 can goon recording keystrokes (Block 602) and continue identifying potentialviolations without clearing the buffer or sending the message. Forinstance, an idea may be identified via recording the entry of a period(an end of a sentence). But rather than treat the next sentence as astandalone idea, the method 600 can analyze multiple sentences todetermine potential compliance violations. Hence, clearing of the buffer(Block 614) is optional.

FIG. 7 shows a method similar to that of FIG. 6, but further includingthe ability to enable messaging functionality if a potential complianceviolation is corrected. The method 700 is identical to the method 700until the end of an idea is identified (Decision 618) and the totalexceeds the threshold (Decision 610). At this point, the method 700looks for correction of the violation (Decision 720) rather than comingto an end. If the violation is corrected, then the method 700 enablesmessaging transmission functionality (Block 722) and optionally clearsthe buffer and/or sends the message.

In some embodiments, an idea can be identified before scores areassigned to words and sets of words within the idea. FIG. 10 illustratesa method of precluding a non-compliant digital message from beingtransmitted from a communication device The method 1000 can includerecording keystrokes on a first computing device (Block 1002). Thekeystrokes can be part of a digital message. The method 1000 can furtherinclude identifying an end of a block of keystrokes representing an idea(Block 1004). The method 1000 can also include assigning a score to eachof the words (Block 1006). The method 1000 can further includecalculating a total of the scores assigned to each of the words and orgroups of words in the idea (Block 1008). The method 1000 can yetfurther include determining that the total exceeds a threshold (Block1010). If the total exceeds the threshold, then the method 1000precludes the message from leaving the computer device (Block 1012). Ifthe total does not exceed the threshold then the buffer can beoptionally cleared of data related to the idea and/or the message can besent (Block 1014). However, in some cases, the method can go onrecording keystrokes (Block 1002) and continuing identifying potentialviolations without clearing the buffer or sending the message. Forinstance, an idea may be identified via recording the entry of a period(an end of a sentence). But rather than treat the next sentence as astandalone idea, the method 1000 can analyze multiple sentences todetermine potential compliance violations. Hence, clearing of the buffer(Block 1014) is optional.

Some aspects of the disclosure describe ways to optimize a model foridentifying potential compliance violations. In particular, feedbackfrom compliance experts can be crowdsourced through the application ofthe systems and methods herein disclosed. Previous attempts toautomatically preclude dissemination of potentially non-compliantmessages suffer from an inability to create accurate models foridentifying potentially non-compliant messages. One way to accomplishthis is to manually flag hundreds of thousands of messages and thenallow a model to optimize its parameters based on these manually-flaggedmessages. However, the resources to perform such manual flagging are notavailable in the art. The inventors in contrast recognized thatcustomers for such a non-compliant message preclusion system couldperform the manual flagging.

Thus, one aspect of the disclosure is a method that includes assigningscores to words and combinations of words in a message, before themessage is sent, in order to determine if the message is potentially inviolation of compliance. The method can further include running one ormore messages through an algorithm that determines which of the messagesare potential violations of compliance policies. The results can beprovided to compliance experts within customer entities. The system canthen receive feedback from the compliance experts indicating an accuracyof the results. Using this feedback, the model can adjust the scoresthat are assigned to words and groups of words. This process can berepeated for a plurality of customers (and the tens of thousands ofmessages that each customer sends through the model), thereby obtaininga set of scores for words and combinations of words that have beentrained by a large number of compliance experts.

FIG. 8 illustrates a method for optimizing a model that is used toidentify potential compliance violations. The method 800 includesmonitoring a digital message input (Block 802) and identifying acompliance violation (Block 804). Given a violation, the method 800precludes a current digital message from being transmitted (Block 808).The method 800 then optionally waits for the violation to be corrected(Decision 810), and optionally enables digital messaging functionality(Block 812) once the violation is corrected. Whether the optionalaspects of the method 800 occur or not, the method 800 then continues tomonitor the digital message input (Block 802). When a complianceviolation is not observed for a given message (Decision 804), the method800 allows the digital message to be sent (Block 806) and continues tomonitor subsequent messages (Block 802). After each instance of amessage being sent (or optionally after a message being blocked orflagged or after a period of time or number of messages have been passedthrough the method 800) the method 800 optionally flags messages thatwere assigned scores that almost exceeded a threshold (e.g., within 5%,within 10%, within 15%, or within 20% of the threshold) (Block 814). Themethod 800 then reports blocked messages, sent messages, and optionallyflagged messages (Block 816). The reporting can be made to customers andin particular to one or more compliance experts of a customer. Thecompliance expert(s) can then review the report and provide feedback.Such feedback can include indications of words or combinations of wordsthat should be considered prohibited or risky, to name one example. Themethod 800 can then receive the feedback, which indicates a subjectiveaccuracy of blocked, sent, and optionally flagged messages from aplurality of compliance experts. The method 800 then learns the modelbased on this feedback (Block 820).

In the various methods of FIGS. 1-8 and 10, once a potentiallynon-compliant message is identified, further message input can bedisabled as well as message transmission functionality. For instance,further text input may be prevented or the offending text may beautomatically deleted. Where offending text is deleted, this text mayalso be removed from a buffer of the computing device, or removed from amessaging buffer but added to a reporting buffer that is later used togenerate reports for the customer. In some cases, all additional inputsto a computing device, including all mouse and touch-based inputs may bedisabled. In some cases, all message transmission inputs (e.g., a “SEND”button) can be disabled.

FIG. 9 illustrates a system for identifying potential complianceviolations in digital messages and precluding transmission of suchmessages while the potential violation exists. The system 900 caninclude a compliance engine 902 configured as a server in aclient-server relationship with a plurality of customer networks 910(only two of which are shown). The compliance engine can be configuredto maintain a model that is used by compliance clients 914 to identifypotentially non-compliant messages being created on the customernetworks 910. The compliance clients 914 can then block messages thatare identified as non-compliant or identified has having non-compliantmessages in them. Blocking a message means that the message is unable toleave the customer network 910 and in many embodiments means that amessage is unable to leave a customer device 912 on which the message iscreated. Prior art filtering systems tend to analyze messages, such ase-mail, once the message has reached an intermediary server (e.g.,before the message reaches a recipient, but after it leaves the deviceon which the message was created) or location (e.g., for preventingphone calls from reaching a location that would lead to a complianceviolation). For many compliance situations, these filters are inadequatesince a message that is stored on an intermediary server, even if itnever reaches its recipient, still constitutes a compliance violation.For instance, in financial services, an instant message that is filteredat an intermediary server, but before reaching a recipient, is still acompliance violation since it has been stored on a device that isvisible to compliance officials. Similarly, even if a message reaches acompany's internal server and is then blocked, that company may still berequired to report non-compliant messages to federal agencies, eventhough the message never left the company's control. Therefore, theherein disclosed systems and methods build upon the prior art bypreventing potentially non-compliant messages from ever leaving a deviceon which they are created.

The compliance engine 902 can include a scoring model 903, a learningmodule 904, and a feedback storage 905. The scoring model 903 can bereplicated on the compliance clients 914, which each reside on acustomer devices 912, where there can be one or more customer devices912 on each customer network 910. Three customer devices 912 are shownon each customer network 910, but fewer or more customer devices 912 canalso be implanted.

As a user creates a message on a customer device 912 (e.g., a mobilephone or a desktop computer with an instant messaging platform, to nametwo non-limiting examples), the compliance client 914 can monitor themessage and preclude message transmission or messaging functionality ifa potential compliance violation is identified in the message (e.g.,preclude the message from reaching a network interface of the customerdevice 912 or a messaging buffer of the customer device 912). Suchanalysis can occur in real time or after a certain trigger. For realtime analysis, each word or groups of words can be analyzed as they arecreated without waiting for a trigger. Where a trigger is used, thetrigger can be the completion of an idea, an attempt to send themessage, or an attempt to navigate away from a user interface window inwhich the message was being created.

In some cases the compliance client 914 can disable messagingfunctionality, but remain open to the possibility that the message mayturn out to be compliant, and thus later enable messaging as messagecreation continues. Alternatively, the compliance client 914 can disableboth messaging and further text input (and/or the ability to change userinterface windows) whenever a potential compliance violation isidentified. In these cases, the compliance client 914 may monitor forcorrections of the violation (e.g., a user deleting non-compliant text)and then enable messaging once the potential violation has been removed.In other instances, the compliance client 914 may remove the portion ofa message that creates the potential violation. In this variation,messaging functionality may be re-enabled once the compliance client 914has automatically removed the potentially offending portion of themessage.

The scoring model 903 can be updated by the learning module 904, forinstance by increasing or decreasing scores that are assigned to wordsor groups of words. Updates might also include changes to the groups ofwords that are assigned scores or to the relationships between wordsthat are associated with certain scores. Other updates to scoring in thescoring model 903 can also be made. The learning module 904 can base itsactions on the feedback storage 905, where feedback is provided by thecustomer networks 910. The feedback can include subjective feedbackregarding an accuracy of the compliance clients' 914 actions. Forinstance, feedback may include indications that certain words orcombinations of words are being given too much weight. In anotherexample, feedback may include a request that certain words be deemedprohibited words, and thus that such words be assigned scores that areabove the threshold. Feedback may also include requests or suggestionsthat the threshold be raised or lowered.

The feedback can be used to update the scoring model 903 for allcompliance clients 914 across all customer networks 910, updates can beunique to each customer network 910, or both. For instance, one customermay provide feedback including a request to change the threshold or tochange the scoring associated with a particular term, and the scoringmodel 903 can be updated for the customer network 910 associated withthe request, but remain unchanged for all other customer networks 910.Updates to the scoring model 903 can be pushed to the compliance clients914 on each customer network 910. Updates that are pushed to thecompliance clients 914 can include updated phrase templates.

So that customers can review the effectiveness of the compliance clients914, reports can be provided to each customer and the customer canprovide feedback that can be used to influence and train the scoringmodel 903. Each customer network 910 can include a report storage 916, acustomer input-output 918 (I/O), and a feedback storage 920. Thecompliance clients 914 can provide data regarding those messages thatwere blocked, transmitted, and optionally flagged to the report storage916 for each customer network 910. Reported data can also includeparameters of the model such as the threshold and scores that are beingused. This data can be provided to the customer I/O 918 as a report andthereby presented to the customer (e.g., to one or more complianceexperts of the customer). The customer can provide subjective feedbackregarding the report via the customer I/O 918 and this feedback can bestored in a feedback storage 920 of the customer network 910. Thefeedback is then passed to the compliance engine 902 and stored in afeedback storage 905 of the compliance engine 902. Feedback from theplurality of customer networks 910 can be provided such that thelearning module 904 is able to optimize the scoring model 903 based onfeedback from a large number of customer networks 910 and potentially alarge number of compliance experts. In other words, the job of providingsubjective manual feedback can be crowdsourced using the customers asthe crowd. This saves time and money as compared to previous attempts toautomatically filter non-compliant messages, and in fact makes thisautomated process possible where the resources simply did not exist toperform this message blocking via prior art methods.

In some embodiments, the scoring model 903 can be trained even before afirst use of the compliance clients 914 with real-time messages occurs.For instance, the customer can run one or more compliance clients 914 onpreviously-transmitted messages and then provide feedback based onreports for these previously-transmitted messages. In this way, thescoring model 903 can be trained for different customers beforecompliance clients 914 are activated for real-time message blocking.

In some embodiments, the compliance clients 914 can flag ideas,messages, or words that are close to surpassing the threshold, but donot actually surpass the threshold. When these flagged ideas, messages,or words are provided in a report to the customer and a complianceexpert, the customer can provide feedback relative to these flaggedideas, messages, or words (e.g., a flagged word should have been scoredas a prohibited word) and thus an added level of feedback can beprovided for training the scoring model 903.

The customer devices 912 can include various computing devices such ascommunication devices. A few non-limiting examples include cellularphones or smartphones, tablet computers, and desktop computers. Otherexamples include fax machines and voice recorders.

The customer networks 910 can be private or local area networks andoptionally are firewalled or otherwise isolated from each other. In someembodiments, a customer network 910 can include public networkconnections between internal components, for instance, where one or morecustomer devices 912 are connected to the report storage 916 via theInternet.

FIG. 11 illustrates an embodiment of a digital message with at least onedigital messaging function disabled. In particular, an ability to sendthe digital message has been disabled. In the illustrated embodiment,this includes a visual indicator that the send functionality has beendisabled, although in other instances the functionality can be disabledwithout an accompanying visual indicator.

FIG. 12 illustrates another embodiment of a digital message with atleast one digital messaging function disabled. In particular, an abilityto send the digital message has been disabled along with an ability toaccess other windows or other open programs on a computing device. Theillustrated embodiment also includes a visual indicator indicating thatthe other windows and/or other applications are not accessible, althoughsuch visual indicator is not required. In some cases, the visualindicator may be a mere change in color or contrast of the other windowsor applications. As illustrated, the visual indicator covers or blocksviewing of the contents of the other windows or applications, althoughthis is not required.

FIG. 13 illustrates yet another embodiment of a digital message with atleast one digital messaging function disabled. In particular, an abilityto send the digital message has been disabled along with an ability toaccess any other functionality or applications on the computing deviceas well as an ability to minimize or close the instant window. Theillustrated embodiment includes a visual indicator that other functionsof the device are disabled, although this is not required.

FIG. 14 illustrates yet another embodiment of a digital message with atleast one digital messaging function disabled. In particular, an abilityto send the digital message has been disabled along with an ability toedit non-flagged text or to add text to the digital message. In otherwords, the user is only able to edit the flagged text in thisembodiment. In this illustration, flagged text is that text that is notoverlapped with a cross-hatched background; non-flagged text includes adarkened or cross-hatched background.

FIG. 15 illustrates an embodiment of a digital messaging platform withat least one digital messaging function disabled. The illustratedembodiment can have instant messaging or chat room functionality and canshow contacts, other users, and/or various chat rooms in one window anda chain of instant messages in another window, although these featuresand the illustrated arrangement are not required. The User's previousdigital messages can be seen along with digital messages from otherusers (e.g., Porthos and Moe). The User has entered text that has beenflagged as a potential violation of compliance policy or laws (forinstance as determined by the compliance violation operation 104 in FIG.1). The flagged text has also been highlighted. Although notillustrated, the ability for this digital message to be sent has beendisabled. For instance, pressing the “enter” or return key or giving asend or transmit voice command may have no effect as these functions mayhave been disabled. As such, the offending message cannot be sent andhence cannot be logged or create a violation. The disabling may carry onuntil the User corrects the potentially violating text. Alternatively, a“send” button, or various other functionality that is not illustrated ornot visible in the illustration, may be disabled as a result of thepotentially non-compliant text being flagged.

FIG. 16 illustrates another embodiment of a digital messaging platformwith at least one digital messaging function disabled. Like FIG. 15, theillustrated embodiment can have instant messaging or chat roomfunctionality and can show contacts, other users, and/or other chatrooms in one window and a chain of instant messages in another window,although these features and the illustrated arrangement are notrequired. The User's previous digital messages can be seen along withdigital messages from other users. The User has entered text that hasbeen flagged as a potential violation of compliance policy or laws (forinstance as determined by the compliance violation operation 104 in FIG.1). The flagged text has also been highlighted. Although notillustrated, the ability for this digital message to be sent has beendisabled. In this embodiment, only a portion of the User's draft digitalmessage has been identified as being a possible compliance violation,and thus only the flagged text has been highlighted. In someembodiments, the entire message may be editable, but not sendable, whilein other embodiments, the User may only modify the flagged text whileediting of the non-flagged text is disabled.

In other embodiments of the disclosure, systems, methods, and apparatusare described for preventing manifestation of risky ideas in messagesdocuments or other tangible forms that can be subpoenaed by a court.Compliance and other violations become a risk when a non-compliant ideais manifested in a document, message, or other format that a court cangain access to. For instance, even if an e-mail is not transmitted, adraft of that message may be saved to a server if the message is notdeleted in a certain amount of time. Thus, even though this message isnever sent, a court could conceivably obtain a copy of the message viasubpoena. As another example, a non-compliant idea (e.g., a sexuallyharassing commentary) can become problematic when written in a WORDdocument and saved, even if the document never leaves a user's computer(e.g., via e-mail). In other words, compliance risks arise frommanifestation of a non-compliant idea in a document rather than merelyfrom transmission of a non-compliant message. Therefore, increased riskmitigation is provided by systems, methods, and apparatus that preventmanifestation of flagged ideas, not just via prevention of messagetransmission. Although much of this application has focused onprevention of message transmission, in other embodiments, risky ideascan be flagged in any document or other manifestation of an idea beforethe manifestation of the idea is saved to non-volatile memory (e.g., aserver, device hard drive, flash storage, etc.). Any ability for themanifestation to be saved can then be disabled. For instance, somedocument and message creations platforms include auto-save functions(e.g., MICROSOFT WORD and GMAIL), and these can be disabled the momentthat a risky idea is identified. Further, any user-initiated savefeatures can be disabled (e.g., a “Save” button can be disabled). Onceany ability to save the manifestation of the idea is disabled, the riskyidea or parts of the risky idea can be removed (e.g., deleted, censored,covered up, etc.). In some cases, a user can be prompted to remove orchange the risky idea on their own. In some cases, editing functions canbe disabled or limited. For instance, the ability to add additional textor change windows may be disabled, and prompt may appear requiring theuser to read a warning and press a “delete” or other button that removesthe risky idea from a document or other manifestation of a risky idea.In other cases, the prompt may include an education message intended totrain the user to avoid risky ideas in the future. In other cases theprompt can include statistics showing a risk score, trends in riskscores, etc. meant to show the user how his/her actions have improved ordegraded over time.

Further disclosed herein are systems, methods, and apparatus foridentifying manifestations of ideas that pose a compliance, policy, orlegal violation risk. In some embodiments, such a system can bepartially embodied in a policy or compliance engine. A policy engine canbe used to identify documents or other manifestations of ideas that posea compliance, policy, or legal violation. Documents can include anymanifestation of an idea in a form that can be saved to non-volatilememory. For instance, an instant message, cellular text message, webblog post, a forum post, a text document, a PDF, a spreadsheet, anexecutable, a database file, monitored instant message, non-monitoredinstant message, web traffic, or transcribed phone call, are just a fewnon-limiting examples of documents, and they meet this definition evenbefore they are saved to non-volatile memory, and even if they are neversaved (although manifestations of ideas can take many forms, for thepurposes of this disclosure, all such manifestations will be hereafterreferred to as “documents”).

FIG. 20 illustrates an embodiment of a system employing a policy engineto identify manifestations of ideas that pose a compliance, policy, orlegal violation risk. A user, using a user device, can create orgenerate a document (2002). This can include drafting an e-mail orinstant message, transcribing a telephone conversation or dictating amessage, or entering language into a document (e.g., a blank document ora template), to name a few non-limiting examples. Documents can also bereceived as e-mail journaling, XML exports, Direct MYSQL connections,APIs from a communication provider, OS accessibility features. Thedocument can be logged in real-time or imported (e.g., via an importmodule 2403, see FIG. 24) to a semantic analyzer 2004. The semanticanalyzer 2004 can scan the document for context and content as describedabove relative to preclusion of message transmission. In some instances,the document can be parsed into words and symbols as part of theanalysis. Sequences of words, or words and symbols, can be identified bythe semantic analyzer 2004 as ideas. The semantic analyzer 2004 canaccess a policy model stored in a policy engine database 2008 as well aviolation threshold. The policy model can account for policy violations(e.g., sexual harassment, racism, sexism, age discrimination, EEOC,Civil Rights, company conduct, confidentiality, time expenditures,etc.), and compliance violations (e.g., Dodd-Frank, CAN-SPAM, CAN-SPAM,EEOC/Civil Rights, Company Conduit, Confidentiality, Time Expenditures,and any other set of rules, either public, or private and unique to agiven company). The semantic analyzer can then assign a score to each ofthe ideas using the policy model and total the scores. If the total ofthe scores for the first document surpasses the violation threshold,then the semantic analyzer 2004 can disable save functionality of theuser device creating the first document. This can include sending apreclusion instruction to the user device causing the user device todisable any ability to save the first document (2018). In someembodiments, the semantic analyzer 2004 may also instruct the userdevice to prevent transmission of the first document, disable furtherediting of the first document, or prompt a user of the user device toedit or fix the risks found in the first document. In some embodiments,the semantic analyzer 2004 can also request a screenshot of the documentbefore any further editing of the document is possible.

The semantic analyzer 2004 can also save each document and/or screenshotto the policy engine database 2008 along with the score assigned to eachdocument. The entire document can be written to the policy enginedatabase 2008, or the document in parsed form can be stored. In otherembodiments, entire documents as well as parsed forms thereof can bestored. In some embodiments, writing to the policy engine database 2008can use a write once read many (WORM) protocol. In some embodiments,writing policy engine database 2008 can also or alternatively use256-bit AES encryption or other form of encryption. The semanticanalyzer 2004 can also assign meta tags to each document orcommunication and can include a policy review and a context (acrossmultiple platforms). The meta tags can enhance the ability to searchdocuments at a later time. In some embodiments, documents can be indexedby user, or content extracted from a document can be stored in thepolicy engine database 2008 along with a score and can be indexed byuser.

All documents, or only those documents flagged as constituting a policy,compliance, or legal violation risk, can be passed to an analyticsdashboard 2010. The analytics dashboard 2010 can be accessed by one ormore policy reviewers via corresponding reviewer devices 2012. Policyreviewers can provide responses, and these responses can indicate apolicy user's assessment of risk of the total of the scores assigned tothe first document. This can include flagging false positives, assigninga human-generated score to the first document, or affirming the flaggingor score assigned by the semantic analyzer 2004. Flagging falsepositives can train the policy model to look for other risk identifiersother than the ones it may have used in the first instance. Forinstance, the policy model may turn to speech patterns, sender/receiverinfluences, syntax, word choice, message length, time of day, or otherpatterns instead of the one(s) used in the first instance, or change theweighting that these factors have on the score for a document. Policyusers may also change scores assigned by the semantic analyzer 2004.

A single policy reviewer or many policy reviewers can be used to analyzethe documents. The policy reviewer(s) can be part of the entity orcompany where the document was created (e.g., FIG. 20), or can includesome policy reviewers internal to and some external to the entity orcompany (e.g., FIG. 21-23). In some instances, this operation can befarmed out to human resources and compliance “turks” such as thoseavailable via the Amazon Mechanical Turk platform. Policy reviewers canbe sourced from different organizations, where policy reviewers from agiven organization analyze flagged documents or communicationsassociated with their organization. This maintains privacy betweendifferent organizations even though the policy engine learns from inputfrom all policy reviewers. In another embodiment, the documents orcommunications can be anonymized, such that policy reviewers can analyzeflagged documents or communications regardless of the source. Forinstance, policy reviewers from General Electric could be reviewingdocuments or communications from IBM and Apple without the source ofthose documents or communications being apparent to the General Electricpolicy reviewers.

The dashboard can prompt a user to score or critique the policy engine'sperformance. In particular, one or more policy reviewers are presentedwith the documents or screenshots of the documents, and asked to judgewhether the semantic analyzer 2004 appropriately flagged or scored adocument. In other cases, a policy reviewer may be asked to assign aqualitative score to the semantic analyzer's 2004 scoring (e.g., 1-10 orone to three stars). For instance, where a policy reviewer does notbelieve that a document should have been flagged as presenting apotential violation, the user can assign a score of 0, whereas thepolicy reviewer may assign a score of 1 to a document that appears to beappropriate for flagging. These human results can then be saved in thepolicy engine database 2008 and a training module 2014 can compare thepolicy reviewer scores to the machine-generated scores saved to thepolicy engine database 2008.

In some embodiments, policy reviewers may assign binary assessments tothe documents either agreeing or disagreeing with the risk assessmentsperformed by the semantic analyzer 2004 (e.g., indicating flaggedcommunications as “hits” or “misses”). Alternatively, the policyreviewers can assign a score to the documents, thereby indicating theiragreement or disagreement with the semantic analyzer's 2004 assignmentof scores to documents.

In some embodiments, a policy reviewer or an administrator can customizea lexicon or phrase template that is part of the policy model.

The analytics dashboard 2010 can then receive these responses from theone or more policy reviewers, and these responses can be stored in thepolicy engine database 2008, and then accessed by the training module2014 to train the policy model. This training can use machine learningand/or can use the responses as one of a plurality of inputs. Thetraining can form an updated policy model.

As the model is trained, additional rules are created, and existingrules may be modified. For instance, where users return scores thatindicate an accuracy of flagging certain content. In the example whereusers merely flag content at their discretion, rather than scoring themachine-flagged content, the training module 2014 can compare thesimilarity of instances of machine flagging and human flagging to trainthe model. As the model is trained via responses from the policyreviewers, the rules make up the policy model may become more complexand accurate.

Subsequent documents can then be analyzed using the updated policymodel. In particular, the semantic analyzer 2004 can receive a seconddocument and access the updated policy model and assign scores to ideasparsed from the second document. In this way, the policy model can betailored to a particular organization. However, where the policy modelis also partially trained by responses from policy reviewers external tothe entity or company, the policy model may only be partially tailoredto the entity or company. This is an optional modification to the modeltraining and may make use of a so-called “crowd” of policy reviewersoutside of the entity or company.

Over time, and as a greater number of communications are analyzed by thepolicy engine, and feedback from the policy reviewers is provided backto the policy engine database 2008, the accuracy of the semanticanalyzer 2004 increases. As the accuracy of the model increases thepolicy reviewers will indicate fewer and fewer “misses” or assign moreand more accurate scores to the semantic analyzer's 2004 flagging.Eventually, fewer policy reviewers will be needed and in one instance,the policy reviewers can be completely removed from the loop as themodel becomes smart enough that any policy user would merely indicate“hit,” and thus not have a role. In practice, the policy reviewers maycontinue to analyze the semantic analyzer's 2004 scores and continuallybroaden the pool of rules and classifications that the semantic analyzer2004 can pull from.

In some embodiments, the semantic risk analyzer 2004 can group threadsof documents (e.g., instant message threads or e-mail threads) based ona parameter such as time. For instance, threads can be grouped by day.The groups threads can then be saved to the policy engine database 2008in addition to the isolated documents, or in place of any series ofdocuments that have been grouped.

While the description of FIG. 20 has focused on embodiments where policyreviewers analyze documents and provide responses that are used to trainthe policy model, in other embodiments, one or more administrators canalso access the analytics dashboard 2010 and manually adjust the policymodel. For instance, an administrator can manually adjust the lexicons,static phrase templates, dynamic phrase templates, or other aspects ofthe policy model. They can also manually adjust the violation thresholdor scores assigned to specific words, phrases, or types of speech.

The above description has focused on a semantic analyzer 2004 thatassesses the risk of a document based primarily on semantics. In otherembodiments, the semantic analyzer 2004 may also consider a riskweighting for the user or creator of the document. At the same time, thesemantic analyzer 2004 may also consider a risk of a relationshipassociated with the document (e.g., sender and recipient). In eithercase, the policy engine database 2008 can include risk scores forindividuals and sets of individuals (e.g., sender and recipient,multiple users jointly creating a document). As the semantic analyzer2004 assigns a score to a document, a factor in this calculation can bethe risk associated with the document creator, and/or a set of personsassociated with the document. For instance, a user with a history ofsending racist e-mails to company clients may be assigned ahigher-than-average individual risk score, and this individual riskscore may weight all scores assigned to documents created by this user.Thus, a phrase that would not raise flags for most users, may raise aflag (e.g., result in a document score surpassing the violationthreshold) for this user due to his higher individual risk score.Individual risk scores can be assigned based on an individual's historyof document creation (automatically: as metadata that the sentimentanalyzer 2004 saves to the policy engine database 2008; manually: asmetadata that a policy reviewer or administrator inputs through theanalytics dashboard 2010). The sentiment analyzer 2004 can look atmetadata in the document, or text entered into the document to determinethe author(s), sender, or recipient(s). The sentiment analyzer 2004 canapply individual risk score as a weight to the score otherwise assignedto a document (“baseline score”). For instance, an individual risk scoreof 30 may cause the baseline score of a document to be multiplied by130%. In some embodiments, the individual risk score may only be appliedto the baseline score if the individual risk score exceeds an individualrisk threshold.

In addition to or alternatively to individual risk score, the policymodel can include relationship risk scores. The semantic analyzer 2004can consider a relationship between a sender and receiver of a document(e.g., instant messages and e-mail or a transcribed voice conversation),between persons sharing creation of a document, or any otherrelationship. The sentiment analyzer 2004 can look at metadata in thedocument, or text entered into the document to determine the author(s),sender, or recipient(s). This relationship risk score can also be afactor in calculating the score for a document. For instance, an instantmessage having a sentiment or idea implying a potentially unlawful stocktrade may carry greater weight if sent between two parties having ahistory of risky trades. In other words, the relationships found in adocument can influence the chances of a document being flagged orexceeding the violation threshold, and thus the disabling of savingand/or transmission functionality. In some embodiments, the relationshiprisk score may only be applied to the baseline score if the individualrisk score exceeds an individual risk threshold.

While policy reviewers can influence or set individual and relationshiprisk scores during review of a document, an administrator can alsoaccess the policy engine database 2008 independent of document review,and adjust, influence, or set these scores. For instance, anadministrator may increase a user's individual risk score as a result ofa human resources violation—an event that evidences increased risk forthat user, but that would not otherwise be included in the trainingbased on automated means and policy reviewer responses. Alternatively,the administrator could add metadata to the policy engine databasedescribing or detailing events that otherwise are not captured by thepolicy engine database. For instance, the administrator could enter asmetadata a statement verbally made by an employee. The administrator maynot take any action directly related to the individual's risk score, andinstead the training model 2014 may note the entry of this metadata andtrain the policy module based on its analysis of this metadata.

The sentiment analyzer 2004 can also apply weighting to the baselinescore based on a document or user's proximity to problematic tradecollections (hereinafter referred to as “hotspots”). This may involvetracking of trade data in addition to sentiment of documents and userand relationship risk.

As with sentiment, when documents are presented to policy users via theanalytics dashboard 2010 and policy reviewer devices 2012, policyreviewers may further assess individual risk and relationship risk. Forinstance, a policy reviewer may assign an individual risk score to acreator of a document being reviewed. A policy reviewer may assign arelationship risk score to a pair of sender and recipient or to a groupof shared document creators. At the same time, if the individual of setof users already have risk scores and/or relationship scores assigned tothem, these scores may be displayed via the analytics dashboard 2010,and the policy reviewers may have the option to adjust these scores aspart of their review of a document.

The management system illustrated in FIG. 20 can be implemented on anentity or company's internal network or premises, remotely, or via acombination of internal network and the cloud. Any of the four elementsof the management system can be local or remote to an entity orcompany's premises. In some cases, the functionality of the functionalblocks making up the management system can be distributed between localand remote hardware. In some cases, the functionality of the functionalblocks making up the management system can be distributed betweeninternal and cloud based network hardware/services.

FIGS. 21-23 illustrate variations of FIG. 20 where two or more entitiesor corporations each have a management system, each management systemhaving its own policy model trained for that entity or company. However,in each of these variations, the respective training modules usefeedback from policy reviewers internal and external to the entity orcorporation to train each policy model. In this way, each policy modelis trained in part via internal feedback and in part via externalfeedback (or the “crowd”). For instance, in FIG. 21 an analyticsdashboard 2160 for entity N (N representing any positive integer) passesresponses from the policy reviewers for Entity N, both to the internalpolicy engine database 2158 and to entity l's policy engine database2108. In an optional embodiment, analytics dashboard 2110 can passresponses from its policy reviewers to both its internal policy enginedatabase 2108 and to an external policy engine database 2158, that ofentity N. The training modules 2114, 2164 for each entity then traintheir respective policy models based on a combination of internal andexternal feedback. Entity N, represents one or more entities, and inpractice N is a large number. Thus, each policy model is trained basedon a large number of external responses. At the same time, each trainingmodel may weight the influence that internal and external responses haveon the training. Thus, even where external responses far outnumberinternal responses, the internal responses may still have a greaterinfluence on training a policy model-depending on this weighting (whichmay be controlled by an administrator).

Where responses are shared between management systems, and thus trainingis based on both internal and external responses, less than allresponses may be shared or at least used in training. For instance, thetraining may be limited to internal and external responses having commonparameters such as common sender/creator, common lexicon, common words,common phrases, etc.

FIG. 22 illustrates a variation of FIGS. 20 and 21 where each entity hasits own semantic analyzer 2104, 2154 and its own policy engine database2108, 2158, but all entities share a cloud-based or remote analyticsdashboard 2210 and training module 2214. These can be hosted on a remotemanagement system or systems.

FIG. 23 illustrates a variation of FIGS. 20-22 where each entity sharesa set of semantic analyzer 2304, policy engine database 2308, analyticsdashboard 2310, and training module 2314.

In the above illustrations of FIGS. 21-23 there is no suggestion thatsharing of hardware of functional blocks means that entities necessarilyshare data. For instance, a single shared policy engine database 2308may have separate storage for each entity, a separate policy model foreach entity, and the shared training module 2314 may use separatetraining parameters for each entity.

FIG. 25 illustrates a method of precluding ideas that pose a compliance,policy, or legal violation risk from being recorded in non-volatilememory during document creation. The method 2500 can include parsing afirst document into words and symbols (block 2502). This can beperformed via a parsing module, for instance, of the semantic analyzer2004. Sequences of words, or words and symbols, in the document can beidentified as ideas. The method 2500 can include passing the firstdocument to a semantic analyzer configured to: access a policy model andviolation threshold stored in a policy engine database (e.g., 2008)(Block 2504). The semantic analyzer can also be configured to save thedocument and/or a screenshot of the document to the policy enginedatabase (Block 2506). Using the policy model, the semantic analyzer canassign a score to each idea in the first document (Block 2508) anddetermine if a total of scores for the ideas in the first documentsurpass the violation threshold (Decision 2510). If not, then the firstdocument does not pose a significant risk, and no further action istaken; the method 2500 can turn to parsing a next document (Block 2502).However, if the total of the scores for the ideas in a given documentdoes exceed the violation threshold (Decision 2510), then the method2500 disables save functionality of a device creating the document inquestion (Block 2512). Save functionality can include any function whichwould, aside from the disabling, save the document or a portion thereofto non-volatile memory. In other words, disabling save functionalityprevents the document or any portion thereof from being recorded in amedium that could be subpoenaed.

The semantic analyzer can then provide the document in question or ascreenshot of the document in question, or both, to an analyticsdashboard (Block 2514). The dashboard can be configured to present thedocument to a policy reviewer (or a plurality of policy reviewers,either internal or both internal and external to the entity or company).The method 2500 can then receive a response from the policy reviewerindicating the policy reviewer's assessment of risk of the total of thescores assigned to the document (Block 2516). The response can includean affirmance of the score assigned by the semantic analyzer, anadjustment to the score assigned by the semantic analyzer, or indicationthat the semantic analyzer's assessment was a false positive, to name afew non-limiting examples. The method 2500 can then store the responsein the policy engine database (Block 2518). Based on this response, andoptionally other responses, a training module can train the policy model(Block 2520). The training module can use multiple inputs, where theresponse is one of those inputs. Given the updated policy model, themethod 2500 can circle back to parse a next document (Block 2502), andbegin analyzing that document and assigning a score to that documentbased on the updated policy model.

The systems and methods described herein can be implemented in acomputer system in addition to the specific physical devices describedherein. FIG. 17 shows a diagrammatic representation of one embodiment ofa computer system 1700 within which a set of instructions can executefor causing a device to perform or execute any one or more of theaspects and/or methodologies of the present disclosure. The computingdevice described as carrying out the method 100 in FIG. 1 is oneimplementation of the computer system 1700. The components in FIG. 17are examples only and do not limit the scope of use or functionality ofany hardware, software, firmware, embedded logic component, or acombination of two or more such components implementing particularembodiments of this disclosure. Some or all of the illustratedcomponents can be part of the computer system 1700. For instance, thecomputer system 1700 can be a general purpose computer (e.g., a laptopcomputer) or an embedded logic device (e.g., an FPGA), to name just twonon-limiting examples.

Computer system 1700 includes at least a processor 1701 such as acentral processing unit (CPU) or an FPGA to name two non-limitingexamples. A processor of the computing device that carries out themethod 100 in FIG. 1 is one implementation of the processor 1701. Thecomputer system 1700 may also comprise a memory 1703 and a storage 1708,both communicating with each other, and with other components, via a bus1740. The bus 1740 may also link a display 1732, one or more inputdevices 1733 (which may, for example, include a keypad, a keyboard, amouse, a stylus, etc.), one or more output devices 1734, one or morestorage devices 1735, and various non-transitory, tangiblecomputer-readable storage media 1736 with each other and with one ormore of the processor 1701, the memory 1703, and the storage 1708. Allof these elements may interface directly or via one or more interfacesor adaptors to the bus 1740. For instance, the various non-transitory,tangible computer-readable storage media 1736 can interface with the bus1740 via storage medium interface 1726. Computer system 1700 may haveany suitable physical form, including but not limited to one or moreintegrated circuits (ICs), printed circuit boards (PCBs), mobilehandheld devices (such as mobile telephones or PDAs), laptop or notebookcomputers, distributed computer systems, computing grids, or servers.

Processor(s) 1701 (or central processing unit(s) (CPU(s))) optionallycontains a cache memory unit 1702 for temporary local storage ofinstructions, data, or computer addresses. Processor(s) 1701 areconfigured to assist in execution of computer-readable instructionsstored on at least one non-transitory, tangible computer-readablestorage medium. Computer system 1700 may provide functionality as aresult of the processor(s) 1701 executing software embodied in one ormore non-transitory, tangible computer-readable storage media, such asmemory 1703, storage 1708, storage devices 1735, and/or storage medium1736 (e.g., read only memory (ROM)). For instance, the method 100 inFIG. 1 may be embodied in one or more non-transitory, tangiblecomputer-readable storage media. The non-transitory, tangiblecomputer-readable storage media may store software that implementsparticular embodiments, such as the method 100, and processor(s) 1701may execute the software. Memory 1703 may read the software from one ormore other non-transitory, tangible computer-readable storage media(such as mass storage device(s) 1735, 1736) or from one or more othersources through a suitable interface, such as network interface 1720. Anetwork interface of the computing device described relative to themethod 100, where the network interface carries out at least part of thesend digital message operation 106, is one embodiment of the networkinterface 1720. The software may cause processor(s) 1701 to carry outone or more processes or one or more steps of one or more processesdescribed or illustrated herein. Carrying out such processes or stepsmay include defining data structures stored in memory 1703 and modifyingthe data structures as directed by the software. In some embodiments, anFPGA can store instructions for carrying out functionality as describedin this disclosure (e.g., the method 100). In other embodiments,firmware includes instructions for carrying out functionality asdescribed in this disclosure (e.g., the method 100).

The memory 1703 may include various components (e.g., non-transitory,tangible computer-readable storage media) including, but not limited to,a random access memory component (e.g., RAM 1704) (e.g., a static RAM“SRAM”, a dynamic RAM “DRAM, etc.), a read-only component (e.g., ROM1705), and any combinations thereof. ROM 1705 may act to communicatedata and instructions unidirectionally to processor(s) 1701, and RAM1704 may act to communicate data and instructions bidirectionally withprocessor(s) 1701. ROM 1705 and RAM 1704 may include any suitablenon-transitory, tangible computer-readable storage media describedbelow. In some instances, ROM 1705 and RAM 1704 include non-transitory,tangible computer-readable storage media for carrying out the method100. In one example, a basic input/output system 1706 (BIOS), includingbasic routines that help to transfer information between elements withincomputer system 1700, such as during start-up, may be stored in thememory 1703.

Fixed storage 1708 is connected bidirectionally to processor(s) 1701,optionally through storage control unit 1707. Fixed storage 1708provides additional data storage capacity and may also include anysuitable non-transitory, tangible computer-readable media describedherein. Storage 1708 may be used to store operating system 1709, EXECs1710 (executables), data 1711, API applications 1712 (applicationprograms), and the like. For instance, the storage 1708 could beimplemented for storage of the database of text against which thecompliance violation decision 104 and the correction violated 110compare extracted text as described in FIG. 1. Often, although notalways, storage 1708 is a secondary storage medium (such as a hard disk)that is slower than primary storage (e.g., memory 1703). Storage 1708can also include an optical disk drive, a solid-state memory device(e.g., flash-based systems), or a combination of any of the above.Information in storage 1708 may, in appropriate cases, be incorporatedas virtual memory in memory 1703.

In one example, storage device(s) 1735 may be removably interfaced withcomputer system 1700 (e.g., via an external port connector (not shown))via a storage device interface 1725. Particularly, storage device(s)1735 and an associated machine-readable medium may provide nonvolatileand/or volatile storage of machine-readable instructions, datastructures, program modules, and/or other data for the computer system1700. In one example, software may reside, completely or partially,within a machine-readable medium on storage device(s) 1735. In anotherexample, software may reside, completely or partially, withinprocessor(s) 1701.

Bus 1740 connects a wide variety of subsystems. Herein, reference to abus may encompass one or more digital signal lines serving a commonfunction, where appropriate. Bus 1740 may be any of several types of busstructures including, but not limited to, a memory bus, a memorycontroller, a peripheral bus, a local bus, and any combinations thereof,using any of a variety of bus architectures. As an example and not byway of limitation, such architectures include an Industry StandardArchitecture (ISA) bus, an Enhanced ISA (EISA) bus, a Micro ChannelArchitecture (MCA) bus, a Video Electronics Standards Association localbus (VLB), a Peripheral Component Interconnect (PCI) bus, a PCI-Express(PCI-X) bus, an Accelerated Graphics Port (AGP) bus, HyperTransport(HTX) bus, serial advanced technology attachment (SATA) bus, and anycombinations thereof.

Computer system 1700 may also include an input device 1733. In oneexample, a user of computer system 1700 may enter commands and/or otherinformation into computer system 1700 via input device(s) 1733. Examplesof an input device(s) 1733 include, but are not limited to, analpha-numeric input device (e.g., a keyboard), a pointing device (e.g.,a mouse or touchpad), a touchpad, a joystick, a gamepad, an audio inputdevice (e.g., a microphone, a voice response system, etc.), an opticalscanner, a video or still image capture device (e.g., a camera), and anycombinations thereof. Input device(s) 1733 may be interfaced to bus 1740via any of a variety of input interfaces 1723 (e.g., input interface1723) including, but not limited to, serial, parallel, game port, USB,FIREWIRE, THUNDERBOLT, or any combination of the above.

In particular embodiments, when computer system 1700 is connected tonetwork 1730 (such as a network over which the digital messages of FIG.1 are transmitted), computer system 1700 may communicate with otherdevices, such as mobile devices and enterprise systems, connected tonetwork 1730. Communications to and from computer system 1700 may besent through network interface 1720. For example, network interface 1720may receive incoming communications (such as requests or responses fromother devices) in the form of one or more packets (such as InternetProtocol (IP) packets) from network 1730, and computer system 1700 maystore the incoming communications in memory 1703 for processing.Computer system 1700 may similarly store outgoing communications (suchas requests or responses to other devices) in the form of one or morepackets in memory 1703 and communicated to network 1730 from networkinterface 1720. Processor(s) 1701 may access these communication packetsstored in memory 1703 for processing.

Examples of the network interface 1720 include, but are not limited to,a network interface card, a modem, and any combination thereof. Examplesof a network 1730 or network segment 1730 include, but are not limitedto, a wide area network (WAN) (e.g., the Internet, an enterprisenetwork), a local area network (LAN) (e.g., a network associated with anoffice, a building, a campus or other relatively small geographicspace), a telephone network, a direct connection between two computingdevices, and any combinations thereof. A network, such as network 1730,may employ a wired and/or a wireless mode of communication. In general,any network topology may be used.

Information and data can be displayed through a display 1732. Examplesof a display 1732 include, but are not limited to, a liquid crystaldisplay (LCD), an organic liquid crystal display (OLED), a cathode raytube (CRT), a plasma display, and any combinations thereof. The display1732 can interface to the processor(s) 1701, memory 1703, and fixedstorage 1708, as well as other devices, such as input device(s) 1733,via the bus 1740. The display 1732 is linked to the bus 1740 via a videointerface 1722, and transport of data between the display 1732 and thebus 1740 can be controlled via the graphics control 1721.

In addition to a display 1732, computer system 1700 may include one ormore other peripheral output devices 1734 including, but not limited to,an audio speaker, a printer, and any combinations thereof. Suchperipheral output devices may be connected to the bus 1740 via an outputinterface 1724. Examples of an output interface 1724 include, but arenot limited to, a serial port, a parallel connection, a USB port, aFIREWIRE port, a THUNDERBOLT port, and any combinations thereof.

In addition or as an alternative, computer system 1700 may providefunctionality as a result of logic hardwired or otherwise embodied in acircuit, which may operate in place of or together with software toexecute one or more processes or one or more steps of one or moreprocesses described or illustrated herein. Reference to software in thisdisclosure may encompass logic, and reference to logic may encompasssoftware. Moreover, reference to a non-transitory, tangiblecomputer-readable medium may encompass a circuit (such as an IC) storingsoftware for execution, a circuit embodying logic for execution, orboth, where appropriate. The present disclosure encompasses any suitablecombination of hardware, software, or both.

Those of skill in the art will understand that information and signalsmay be represented using any of a variety of different technologies andtechniques. For example, data, instructions, commands, information,signals, bits, symbols, and chips that may be referenced throughout theabove description may be represented by voltages, currents,electromagnetic waves, magnetic fields or particles, optical fields orparticles, or any combination thereof.

Within this specification, the same reference characters are used torefer to terminals, signal lines, wires, etc. and their correspondingsignals. In this regard, the terms “signal,” “wire,” “connection,”“terminal,” and “pin” may be used interchangeably, from time-to-time. Italso should be appreciated that the terms “signal,” “wire,” or the likecan represent one or more signals, e.g., the conveyance of a single bitthrough a single wire or the conveyance of multiple parallel bitsthrough multiple parallel wires. Further, each wire or signal mayrepresent bi-directional communication between two, or more, componentsconnected by a signal or wire as the case may be.

Those of skill will further appreciate that the various illustrativelogical blocks, modules, circuits, and algorithm steps described inconnection with the embodiments disclosed herein may be implemented aselectronic hardware, computer software, or combinations of both. Toclearly illustrate this interchangeability of hardware and software,various illustrative components, blocks, modules, circuits, and stepshave been described above generally in terms of their functionality.Whether such functionality is implemented as hardware or softwaredepends upon the particular application and design constraints imposedon the overall system. Skilled artisans may implement the describedfunctionality in varying ways for each particular application, but suchimplementation decisions should not be interpreted as causing adeparture from the scope of the present disclosure.

The various illustrative logical blocks, modules, and circuits describedin connection with the embodiments disclosed herein may be implementedor performed with a general purpose processor, a digital signalprocessor (DSP), an application specific integrated circuit (ASIC), afield programmable gate array (FPGA) or other programmable logic device,discrete gate or transistor logic, discrete hardware components, or anycombination thereof designed to perform the functions described herein.A general purpose processor may be a microprocessor, but in thealternative, the processor may be any conventional processor,controller, or microcontroller. A processor may also be implemented as acombination of computing devices, e.g., a combination of a DSP and amicroprocessor, a plurality of microprocessors, one or moremicroprocessors in conjunction with a DSP core, or any other suchconfiguration.

The steps of a method or algorithm described in connection with theembodiments disclosed herein (e.g., the method 100) may be embodieddirectly in hardware, in a software module executed by a processor, asoftware module implemented as digital logic devices, or in acombination of these. A software module may reside in RAM memory, flashmemory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, aremovable disk, a CD-ROM, or any other form of non-transitory, tangiblecomputer-readable storage medium known in the art. An exemplarynon-transitory, tangible computer-readable storage medium is coupled tothe processor such that the processor can read information from, andwrite information to, the non-transitory, tangible computer-readablestorage medium. In the alternative, the non-transitory, tangiblecomputer-readable storage medium may be integral to the processor. Theprocessor and the non-transitory, tangible computer-readable storagemedium may reside in an ASIC. The ASIC may reside in a user terminal. Inthe alternative, the processor and the non-transitory, tangiblecomputer-readable storage medium may reside as discrete components in auser terminal. In some embodiments, a software module may be implementedas digital logic components such as those in an FPGA once programmedwith the software module.

The previous description of the disclosed embodiments is provided toenable any person skilled in the art to make or use embodiments of thepresent disclosure. Various modifications to these embodiments will bereadily apparent to those skilled in the art, and the generic principlesdefined herein may be applied to other embodiments without departingfrom the spirit or scope of the disclosure. Thus, the present disclosureis not intended to be limited to the embodiments shown herein but is tobe accorded the widest scope consistent with the principles and novelfeatures disclosed herein.

What is claimed is:
 1. A method for enhancing a computerized speed ofprecluding messages that pose a compliance, policy, or legal violationrisk from being recorded in non-volatile memory, the method comprising:parsing a first document into words and symbols via a parsing module,sequences of words, or words and symbols, being identified as ideas;passing the first document to a semantic analyzer configured to: accessa policy model stored in a policy engine database; access a violationthreshold stored in the policy engine database; assign a score to eachof the ideas using the policy model; determine that a total of scoresfor the first document surpasses the violation threshold; and disablesave functionality of a device creating the first document, the savefunctionality configured to save the first document to non-volatilememory.
 2. The method of claim 1, further comprising: providing thefirst document or a screenshot of the first document to an analyticsdashboard configured to present the first document to a policy reviewer;receiving a response from the policy reviewer indicating the policyreviewer's assessment of risk of the total of the scores for the firstdocument; storing the response in the policy engine database; trainingthe policy model, at a training module, using machine learning that usesthe response as one of its inputs, to form an enhanced policy model; andaccessing the enhanced policy model and assigning scores to ideas parsedfrom a second document using the enhanced policy model.
 3. The method ofclaim 2, wherein the analytics dashboard is further configured toprovide the first document to a second policy reviewer, the methodfurther comprising: receiving a second response from the second policyreviewer indicating the second policy reviewer's assessment of risk ofthe total of the scores for the first document; storing the secondresponse in the policy engine database; and training the policy model,at the training module, using the machine learning that uses the secondresponse as a second of its inputs, to form the enhanced policy model.4. The method of claim 1, wherein the parsing module is part of thesemantic analyzer.
 5. The method of claim 1, wherein the first documentis received in real time as it is created.
 6. The method of claim 1,wherein the first document is received via import after documentcreation.
 7. The method of claim 1, wherein the semantic analyzerfurther provides the total of scores for the first document to theanalytics dashboard.
 8. The method of claim 1, wherein the semanticanalyzer requests the screenshot from a device creating the firstdocument in response to determining that the total of scores for thefirst document surpasses the violation threshold.
 9. A system forenhancing a computerized speed of precluding messages that pose acompliance, policy, or legal violation risk from being recorded innon-volatile memory during document creation, the system comprising: aparsing module configured to receive a document in real time or viaimport and parsing the document into words and symbols sequences ofwords, or words and symbols, being identified as ideas; a policy enginedatabase; an analytics dashboard configured to present the document, ora screenshot of the document, to a policy reviewer, and to receive aresponse from the policy reviewer indicating the policy reviewer'sassessment of risk of a total of scores assigned to the document; asemantic analyzer configured to: receive the sequences of words, orwords and symbols; access a policy model stored in the policy enginedatabase; access a violation threshold stored in the policy enginedatabase; assign a score to each of the ideas using the policy model;determine that the total of the scores assigned to the documentsurpasses the violation threshold; and disable save functionality of adevice creating the document, the save functionality configured to savethe document to non-volatile memory.
 10. The system of claim 9, whereinthe semantic analyzer is further configured to provide the document orthe screenshot of the document to the analytics dashboard, and whereinthe system further comprises a training module configured to train thepolicy model using the response from the policy reviewer as one of itsinputs, to form an enhanced policy model.
 11. The system of claim 10,wherein the semantic analyzer is further configured to provide the totalof the scores assigned to the document to the analytics dashboard. 12.The system of claim 10, wherein the analytics dashboard is furtherconfigured to: provide the document to a second policy reviewer; receivea second response from the second policy reviewer indicating the secondpolicy reviewer's assessment of risk of the total of the scores assignedto the document; store the second response in the policy enginedatabase; and wherein the training module is further configured to trainthe policy model, using the second response as a second of its inputs,to form the enhanced policy model.
 13. The system of claim 9, whereinthe parsing module is part of the semantic analyzer.
 14. The system ofclaim 9, wherein the semantic analyzer is further configured to requestthe screenshot from a device creating the document in response todetermining that the total of scores assigned to the document surpassesthe violation threshold.
 15. A non-transitory, tangible computerreadable storage medium, encoded with processor readable instructions toperform a method of enhancing a computerized speed of precludingmessages that pose a compliance, policy, or legal violation risk frombeing recorded in non-volatile memory during document creation, themethod comprising: parsing a first document into words and symbols via aparsing module, sequences of words, or words and symbols, beingidentified as ideas; passing the first document to a semantic analyzerconfigured to: access a policy model stored in a policy engine database;access a violation threshold stored in the policy engine database;assign a score to each of the ideas using the policy model; determinethat a total of scores for the first document surpasses the violationthreshold; and disable save functionality of a device creating the firstdocument, the save functionality configured to save the first documentto non-volatile memory.
 16. The non-transitory, tangible computerreadable storage medium of claim 15, further comprising: providing thefirst document or a screenshot of the first document to an analyticsdashboard configured to present the first document to a policy reviewer;receiving a response from the policy reviewer indicating the policyreviewer's assessment of risk of the total of the scores for the firstdocument; storing the response in the policy engine database; trainingthe policy model, at a training module, using machine learning that usesthe response as one of its inputs, to form an enhanced policy model; andaccessing the enhanced policy model and assigning scores to ideas parsedfrom a second document using the enhanced policy model.
 17. Thenon-transitory, tangible computer readable storage medium of claim 16,wherein the analytics dashboard is further configured to provide thefirst document to a second policy reviewer, the method furthercomprising: receiving a second response from the second policy reviewerindicating the second policy reviewer's assessment of risk of the totalof the scores for the first document; storing the second response in thepolicy engine database; and training the policy model, at the trainingmodule, using machine learning that uses the second response as a secondof its inputs, to form the enhanced policy model.
 18. Thenon-transitory, tangible computer readable storage medium of claim 15,wherein the parsing module is part of the semantic analyzer.
 19. Thenon-transitory, tangible computer readable storage medium of claim 15,wherein the first document is received in real time as it is created.20. The non-transitory, tangible computer readable storage medium ofclaim 15, wherein the first document is received via import after firstdocument creation.